CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4167
https://notcve.org/view.php?id=CVE-2020-4167
IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. IBM X-Force ID: 174403. IBM Security Guardium Insights versión 2.0.1, podría permitir a un atacante obtener información confidencial o llevar a cabo acciones no autorizadas debido a mecanismos de autenticación inapropiados. IBM X-Force ID: 174403 • https://exchange.xforce.ibmcloud.com/vulnerabilities/174403 https://www.ibm.com/support/pages/node/6323297 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4166
https://notcve.org/view.php?id=CVE-2020-4166
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402. IBM Security Guardium Insights versión 2.0.1, podría permitir a un atacante remoto obtener información confidencial cuando un mensaje de error técnico detallado es devuelto en el navegador. Esta información podría ser usada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/174402 https://www.ibm.com/support/pages/node/6323297 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4174
https://notcve.org/view.php?id=CVE-2020-4174
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683. IBM Security Guardium Insights versión 2.0.1, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 174683 • https://exchange.xforce.ibmcloud.com/vulnerabilities/174683 https://www.ibm.com/support/pages/node/6323297 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4598
https://notcve.org/view.php?id=CVE-2020-4598
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823. IBM Security Guardium Insights versión 2.0.1, podría permitir a un atacante remoto conducir ataques de phishing usando un ataque de redireccionamiento abierto. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184823 https://www.ibm.com/support/pages/node/6320061 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4593
https://notcve.org/view.php?id=CVE-2020-4593
IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747. IBM Security Guardium Insights versión 2.0.1, almacena credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 184747. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184747 https://www.ibm.com/support/pages/node/6320067 • CWE-522: Insufficiently Protected Credentials •