CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4310
https://notcve.org/view.php?id=CVE-2019-4310
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto forzar credenciales de cuenta. ID de IBM X-Force: 161036. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161036 https://www.ibm.com/support/docview.wss?uid=ibm10960298 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-4292
https://notcve.org/view.php?id=CVE-2019-4292
IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698. Security Guardium versión 10.5 de IBM, podría permitir a un atacante remoto cargar archivos arbitrarios, que podría permitir al atacante ejecutar código arbitrario en el servidor web vulnerable. ID de IBM X-Force: 160698. • http://www.securityfocus.com/bid/109005 https://exchange.xforce.ibmcloud.com/vulnerabilities/160698 https://www.ibm.com/support/docview.wss?uid=ibm10888279 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1889
https://notcve.org/view.php?id=CVE-2018-1889
IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080. IBM Security Guardium 10.0 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/106231 https://exchange.xforce.ibmcloud.com/vulnerabilities/152080 https://www.ibm.com/support/docview.wss?uid=ibm10743371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1272
https://notcve.org/view.php?id=CVE-2017-1272
IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747. IBM Security Guardium 10.0 y 10.5 almacena información sensible en parámetros de URL. • http://www.securityfocus.com/bid/106237 https://exchange.xforce.ibmcloud.com/vulnerabilities/124747 https://www.ibm.com/support/docview.wss?uid=ibm10731655 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1597
https://notcve.org/view.php?id=CVE-2017-1597
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132610. IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4 y 10.5 Database Activity Monitor no requiere que los usuarios tengan contraseñas fuertes por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 132610. • http://www.securityfocus.com/bid/106236 https://exchange.xforce.ibmcloud.com/vulnerabilities/132610 https://www.ibm.com/support/docview.wss?uid=swg22014231 • CWE-521: Weak Password Requirements •