CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4311
https://notcve.org/view.php?id=CVE-2019-4311
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, divulga información confidencial a usuarios no autorizados. La información puede ser usada para montar futuros ataques en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161037 https://www.ibm.com/support/pages/node/1098069 • CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4309
https://notcve.org/view.php?id=CVE-2019-4309
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, usa credenciales embebidas que podrían permitir a un usuario local obtener información altamente confidencial. ID de IBM X-Force: 161035. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161035 https://www.ibm.com/support/pages/node/1096348 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4307
https://notcve.org/view.php?id=CVE-2019-4307
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leído por parte de un usuario local. ID de IBM X-Force: 160987. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160987 https://www.ibm.com/support/pages/node/1096288 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4306
https://notcve.org/view.php?id=CVE-2019-4306
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, especifica permisos para un recurso crítico de seguridad que podría conllevar a la exposición de información confidencial o la modificación de ese recurso por partes no previstas. ID de IBM X-Force: 160986. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160986 https://www.ibm.com/support/pages/node/1096396 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4340
https://notcve.org/view.php?id=CVE-2019-4340
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) es vulnerable a un ataque de inyección de entidadexterna XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161419 https://www.ibm.com/support/docview.wss?uid=ibm10960856 • CWE-611: Improper Restriction of XML External Entity Reference •