Page 4 of 19 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021. IBM Security Guardium 10 y 10.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150021 https://www.ibm.com/support/docview.wss?uid=ibm10737069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022. IBM Security Guardium 10 y 10.5 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 150022. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150022 https://www.ibm.com/support/docview.wss?uid=ibm10737073 • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223. IBM Security Guardium EcoSystem 10.5 almacena las credenciales de usuario en formato de texto plano, por lo que podrían ser leídos por un usuario local. IBM X-Force ID: 141223. • http://www.securitytracker.com/id/1041763 https://exchange.xforce.ibmcloud.com/vulnerabilities/141223 https://www.ibm.com/support/docview.wss?uid=ibm10730317 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417. IBM Security Guardium EcoSystem 10.5 no valida, o valida incorrectamente, un certificado. Esta debilidad podría permitir que un atacante suplante una entidad de confianza mediante un ataque Man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=ibm10730321 http://www.securitytracker.com/id/1041759 https://exchange.xforce.ibmcloud.com/vulnerabilities/141417 • CWE-295: Improper Certificate Validation •