CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4307
https://notcve.org/view.php?id=CVE-2019-4307
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leído por parte de un usuario local. ID de IBM X-Force: 160987. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160987 https://www.ibm.com/support/pages/node/1096288 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4306
https://notcve.org/view.php?id=CVE-2019-4306
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, especifica permisos para un recurso crítico de seguridad que podría conllevar a la exposición de información confidencial o la modificación de ese recurso por partes no previstas. ID de IBM X-Force: 160986. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160986 https://www.ibm.com/support/pages/node/1096396 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4422
https://notcve.org/view.php?id=CVE-2019-4422
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768. La versiones 9.0, 9.5 y 10.6 de IBM Security Guardium, son vulnerables a una escalada de privilegios que podría permitir a un usuario autenticado cambiar la contraseña de accessmgr. ID de IBM X-Force: 162768. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162768 https://supportcontent.ibm.com/support/pages/node/957491 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4340
https://notcve.org/view.php?id=CVE-2019-4340
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) es vulnerable a un ataque de inyección de entidadexterna XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161419 https://www.ibm.com/support/docview.wss?uid=ibm10960856 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4338
https://notcve.org/view.php?id=CVE-2019-4338
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) no restringe correctamente el tamaño o la cantidad de recursos solicitados o influenciados por un actor. Esta debilidad se puede utilizar para consumir más recursos de los previstos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161417 https://www.ibm.com/support/docview.wss?uid=ibm10960858 • CWE-770: Allocation of Resources Without Limits or Throttling •