CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1376
https://notcve.org/view.php?id=CVE-2018-1376
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22016512 https://exchange.xforce.ibmcloud.com/vulnerabilities/137777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1768
https://notcve.org/view.php?id=CVE-2017-1768
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 genera un mensaje de error que incluye información sensible sobre su entorno, usuarios o datos asociados. IBM X-Force ID: 136471. • http://www.ibm.com/support/docview.wss?uid=swg22016515 http://www.securityfocus.com/bid/104493 https://exchange.xforce.ibmcloud.com/vulnerabilities/136471 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1373
https://notcve.org/view.php?id=CVE-2018-1373
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 emplea una configuración de bloqueo de cuenta inadecuada que podría permitir que un atacante remoto descifre credenciales de cuenta por fuerza bruta. IBM X-Force ID: 137773. • http://www.ibm.com/support/docview.wss?uid=swg22013750 http://www.securityfocus.com/bid/103199 http://www.securitytracker.com/id/1040453 https://exchange.xforce.ibmcloud.com/vulnerabilities/137773 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1372
https://notcve.org/view.php?id=CVE-2018-1372
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 no requiere que los usuarios tengan contraseñas fuertes por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 137772. • http://www.ibm.com/support/docview.wss?uid=swg22013832 http://www.securityfocus.com/bid/103237 https://exchange.xforce.ibmcloud.com/vulnerabilities/137772 • CWE-521: Weak Password Requirements •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1425
https://notcve.org/view.php?id=CVE-2018-1425
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 139003. • http://www.ibm.com/support/docview.wss?uid=swg22013751 http://www.securityfocus.com/bid/103229 https://exchange.xforce.ibmcloud.com/vulnerabilities/139033 • CWE-326: Inadequate Encryption Strength •