CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1254
https://notcve.org/view.php?id=CVE-2017-1254
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. IBM Security Guardium 10.0 es vulnerable a ataques XML External Entity Injection (XXE) cuando procesa datos XML. Un atacante remoto podría explotar esta vulnerabilidad exponiendo información altamente sensible o consumiendo recursos de memoria. • http://www.ibm.com/support/docview.wss?uid=swg22004463 http://www.securityfocus.com/bid/99366 https://exchange.xforce.ibmcloud.com/vulnerabilities/124634 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1264
https://notcve.org/view.php?id=CVE-2017-1264
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739. IBM Security Guardium 10.0 no comprueba o al menos insuficientemente que la identidad de los actores es correcta, lo que llevaría a la exposición de los recursos o la funcionalidad a actores accidentales. IBM X-Force ID: 124739. • http://www.ibm.com/support/docview.wss?uid=swg22004425 http://www.securityfocus.com/bid/99369 https://exchange.xforce.ibmcloud.com/vulnerabilities/124739 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1258
https://notcve.org/view.php?id=CVE-2017-1258
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 IBM Security Guardium 10.0 y 10.1 no lleva a cabo un chequeo de la autentificación para los recursos críticos o funcionalidades permitiendo a usuarios anónimos acceder a áreas protegidas. IBM X-Force ID: 124685 • http://www.ibm.com/support/docview.wss?uid=swg22004309 http://www.securityfocus.com/bid/99377 https://exchange.xforce.ibmcloud.com/vulnerabilities/124685 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0238
https://notcve.org/view.php?id=CVE-2016-0238
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409 IBM Security Guardiam 9.0, 9.1, 9.5, 10.0 y 10.1 transmite información sensible en texto plano en la sentencia de la solicitud. Esto podría permitir a un atacante obtener información sensible utilizando la técnica Man-In-TheMiddle. IBM X-Force ID:110409. • http://www.ibm.com/support/docview.wss?uid=swg21989124 http://www.securityfocus.com/bid/99379 https://exchange.xforce.ibmcloud.com/vulnerabilities/110409 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1256
https://notcve.org/view.php?id=CVE-2017-1256
IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678 IBM Security Guardium 10.0 y 10.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código Javascript aleatorio en la interfaz web lo que alterará la funcionalidad planeada potencialmente llevando a la revelación de las credenciales dentro de una sesión confiable. IBM X-Force ID: 124678 • http://www.ibm.com/support/docview.wss?uid=swg22004461 http://www.securityfocus.com/bid/99376 https://exchange.xforce.ibmcloud.com/vulnerabilities/124678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •