CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1264
https://notcve.org/view.php?id=CVE-2017-1264
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739. IBM Security Guardium 10.0 no comprueba o al menos insuficientemente que la identidad de los actores es correcta, lo que llevaría a la exposición de los recursos o la funcionalidad a actores accidentales. IBM X-Force ID: 124739. • http://www.ibm.com/support/docview.wss?uid=swg22004425 http://www.securityfocus.com/bid/99369 https://exchange.xforce.ibmcloud.com/vulnerabilities/124739 • CWE-287: Improper Authentication •
CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1253
https://notcve.org/view.php?id=CVE-2017-1253
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633. IBM Security Guardium 10.0 permite a un usuario remoto autenticado ejecutar comandos aleatorios en el sistema. Mediante el envió de solicitudes especialmente manipuladas, un atacante podría ejecutar comando aleatorios en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22004426 http://www.securityfocus.com/bid/99372 https://exchange.xforce.ibmcloud.com/vulnerabilities/124633 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0238
https://notcve.org/view.php?id=CVE-2016-0238
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409 IBM Security Guardiam 9.0, 9.1, 9.5, 10.0 y 10.1 transmite información sensible en texto plano en la sentencia de la solicitud. Esto podría permitir a un atacante obtener información sensible utilizando la técnica Man-In-TheMiddle. IBM X-Force ID:110409. • http://www.ibm.com/support/docview.wss?uid=swg21989124 http://www.securityfocus.com/bid/99379 https://exchange.xforce.ibmcloud.com/vulnerabilities/110409 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1256
https://notcve.org/view.php?id=CVE-2017-1256
IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678 IBM Security Guardium 10.0 y 10.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código Javascript aleatorio en la interfaz web lo que alterará la funcionalidad planeada potencialmente llevando a la revelación de las credenciales dentro de una sesión confiable. IBM X-Force ID: 124678 • http://www.ibm.com/support/docview.wss?uid=swg22004461 http://www.securityfocus.com/bid/99376 https://exchange.xforce.ibmcloud.com/vulnerabilities/124678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1269
https://notcve.org/view.php?id=CVE-2017-1269
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744 Security Guardium versiones 10.0 y 10.1 de IBM, es vulnerable a la inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente especialmente diseñadas, que podrían permitirle visualizar, agregar, modificar o eliminar información en la base de datos back-end. ID de IBM X-force: 124744 • http://www.ibm.com/support/docview.wss?uid=swg22004462 http://www.securityfocus.com/bid/99361 https://exchange.xforce.ibmcloud.com/vulnerabilities/124744 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •