CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1817
https://notcve.org/view.php?id=CVE-2018-1817
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021. IBM Security Guardium 10 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150021 https://www.ibm.com/support/docview.wss?uid=ibm10737069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1818
https://notcve.org/view.php?id=CVE-2018-1818
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022. IBM Security Guardium 10 y 10.5 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 150022. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150022 https://www.ibm.com/support/docview.wss?uid=ibm10737073 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1498
https://notcve.org/view.php?id=CVE-2018-1498
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. IBM Security Guardium EcoSystem 10.5 almacena las credenciales de usuario en formato de texto plano, por lo que podrían ser leídos por un usuario local. IBM X-Force ID: 141223. • http://www.securitytracker.com/id/1041763 https://exchange.xforce.ibmcloud.com/vulnerabilities/141223 https://www.ibm.com/support/docview.wss?uid=ibm10730317 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1509
https://notcve.org/view.php?id=CVE-2018-1509
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417. IBM Security Guardium EcoSystem 10.5 no valida, o valida incorrectamente, un certificado. Esta debilidad podría permitir que un atacante suplante una entidad de confianza mediante un ataque Man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=ibm10730321 http://www.securitytracker.com/id/1041759 https://exchange.xforce.ibmcloud.com/vulnerabilities/141417 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1255
https://notcve.org/view.php?id=CVE-2017-1255
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675. IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4 utiliza algoritmos criptográficos más débiles que lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 124675. • http://www.ibm.com/support/docview.wss?uid=swg22014537 https://exchange.xforce.ibmcloud.com/vulnerabilities/124675 • CWE-326: Inadequate Encryption Strength •