
CVSS: 7.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

21 Jul 2017 — IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. • http://www.ibm.com/support/docview.wss?uid=swg22004424 • CWE-20: Improper Input Validation

CVSS: 9.9 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Jul 2017 — IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633. • http://www.ibm.com/support/docview.wss?uid=swg22004426 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Jul 2017 — IBM Security Guardium 10.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. • http://www.ibm.com/support/docview.wss?uid=swg22004463 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Jul 2017 — IBM Security Guardium 10.0 does not prove or insufficiently proves that the actor's identity is correct, which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739. • http://www.ibm.com/support/docview.wss?uid=swg22004425 • CWE-287: Improper Authentication

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Jul 2017 — IBM Security Guardium 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678. • http://www.ibm.com/support/docview.wss?uid=swg22004461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Jul 2017 — IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas. IBM X-Force ID: 124685. • http://www.ibm.com/support/docview.wss?uid=swg22004309 • CWE-287: Improper Authentication

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

05 Jul 2017 — IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 110409. • http://www.ibm.com/support/docview.wss?uid=swg21989124 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Jul 2017 — IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 124744. • http://www.ibm.com/support/docview.wss?uid=swg22004462 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

20 Apr 2017 — IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174. • http://www.ibm.com/support/docview.wss?uid=swg21997868

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

01 Feb 2017 — IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. • http://www.ibm.com/support/docview.wss?uid=swg21995657 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')