CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1818
https://notcve.org/view.php?id=CVE-2018-1818
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022. IBM Security Guardium 10 y 10.5 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 150022. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150022 https://www.ibm.com/support/docview.wss?uid=ibm10737073 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1268
https://notcve.org/view.php?id=CVE-2017-1268
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743. IBM Security Guardium 10 y 10.5 emplea un hash criptográfico en un sentido contra una entrada que no debería ser reversible, como una contraseña, pero el software tampoco emplea una sal como parte de la entrada. IBM X-Force ID: 124743. • http://www.securityfocus.com/bid/106339 https://exchange.xforce.ibmcloud.com/vulnerabilities/124743 https://www.ibm.com/support/docview.wss?uid=ibm10737077 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1498
https://notcve.org/view.php?id=CVE-2018-1498
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. IBM Security Guardium EcoSystem 10.5 almacena las credenciales de usuario en formato de texto plano, por lo que podrían ser leídos por un usuario local. IBM X-Force ID: 141223. • http://www.securitytracker.com/id/1041763 https://exchange.xforce.ibmcloud.com/vulnerabilities/141223 https://www.ibm.com/support/docview.wss?uid=ibm10730317 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1509
https://notcve.org/view.php?id=CVE-2018-1509
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417. IBM Security Guardium EcoSystem 10.5 no valida, o valida incorrectamente, un certificado. Esta debilidad podría permitir que un atacante suplante una entidad de confianza mediante un ataque Man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=ibm10730321 http://www.securitytracker.com/id/1041759 https://exchange.xforce.ibmcloud.com/vulnerabilities/141417 • CWE-295: Improper Certificate Validation •