CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4309
https://notcve.org/view.php?id=CVE-2019-4309
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, usa credenciales embebidas que podrían permitir a un usuario local obtener información altamente confidencial. ID de IBM X-Force: 161035. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161035 https://www.ibm.com/support/pages/node/1096348 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4307
https://notcve.org/view.php?id=CVE-2019-4307
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leído por parte de un usuario local. ID de IBM X-Force: 160987. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160987 https://www.ibm.com/support/pages/node/1096288 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4306
https://notcve.org/view.php?id=CVE-2019-4306
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, especifica permisos para un recurso crítico de seguridad que podría conllevar a la exposición de información confidencial o la modificación de ese recurso por partes no previstas. ID de IBM X-Force: 160986. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160986 https://www.ibm.com/support/pages/node/1096396 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4340
https://notcve.org/view.php?id=CVE-2019-4340
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) es vulnerable a un ataque de inyección de entidadexterna XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161419 https://www.ibm.com/support/docview.wss?uid=ibm10960856 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4338
https://notcve.org/view.php?id=CVE-2019-4338
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) no restringe correctamente el tamaño o la cantidad de recursos solicitados o influenciados por un actor. Esta debilidad se puede utilizar para consumir más recursos de los previstos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161417 https://www.ibm.com/support/docview.wss?uid=ibm10960858 • CWE-770: Allocation of Resources Without Limits or Throttling •