CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1498
https://notcve.org/view.php?id=CVE-2018-1498
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. IBM Security Guardium EcoSystem 10.5 almacena las credenciales de usuario en formato de texto plano, por lo que podrían ser leídos por un usuario local. IBM X-Force ID: 141223. • http://www.securitytracker.com/id/1041763 https://exchange.xforce.ibmcloud.com/vulnerabilities/141223 https://www.ibm.com/support/docview.wss?uid=ibm10730317 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1509
https://notcve.org/view.php?id=CVE-2018-1509
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417. IBM Security Guardium EcoSystem 10.5 no valida, o valida incorrectamente, un certificado. Esta debilidad podría permitir que un atacante suplante una entidad de confianza mediante un ataque Man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=ibm10730321 http://www.securitytracker.com/id/1041759 https://exchange.xforce.ibmcloud.com/vulnerabilities/141417 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1370
https://notcve.org/view.php?id=CVE-2018-1370
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 137769. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 especifica permisos para un recurso crítico para la seguridad de forma que permite que ese recurso sea leído o modificado por actores no planeados. IBM X-Force ID: 137769. • http://www.ibm.com/support/docview.wss?uid=swg22016132 https://exchange.xforce.ibmcloud.com/vulnerabilities/137769 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1375
https://notcve.org/view.php?id=CVE-2018-1375
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 no renueva una variable de sesión tras una autenticación exitosa. Esto podría desembocar en una vulnerabilidad de fijación/secuestro de sesión. • http://www.ibm.com/support/docview.wss?uid=swg22016513 https://exchange.xforce.ibmcloud.com/vulnerabilities/137776 • CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1369
https://notcve.org/view.php?id=CVE-2018-1369
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 almacena información sensible en parámetros de URL. Esto podría llevar a una divulgación de información si partes no autorizadas tienen acceso a las URL mediante registros del servidor, cabeceras referrer o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg22016131 https://exchange.xforce.ibmcloud.com/vulnerabilities/137767 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •