CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0238
https://notcve.org/view.php?id=CVE-2016-0238
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409 IBM Security Guardiam 9.0, 9.1, 9.5, 10.0 y 10.1 transmite información sensible en texto plano en la sentencia de la solicitud. Esto podría permitir a un atacante obtener información sensible utilizando la técnica Man-In-TheMiddle. IBM X-Force ID:110409. • http://www.ibm.com/support/docview.wss?uid=swg21989124 http://www.securityfocus.com/bid/99379 https://exchange.xforce.ibmcloud.com/vulnerabilities/110409 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1269
https://notcve.org/view.php?id=CVE-2017-1269
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744 Security Guardium versiones 10.0 y 10.1 de IBM, es vulnerable a la inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente especialmente diseñadas, que podrían permitirle visualizar, agregar, modificar o eliminar información en la base de datos back-end. ID de IBM X-force: 124744 • http://www.ibm.com/support/docview.wss?uid=swg22004462 http://www.securityfocus.com/bid/99361 https://exchange.xforce.ibmcloud.com/vulnerabilities/124744 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1122
https://notcve.org/view.php?id=CVE-2017-1122
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174. IBM Security Guardium 8.2, 9.0 y 10.0 contiene una vulnerabilidad que podría permitir a un atacante local con acceso a CLI inyectar comandos arbitrarios que se ejecutarían como root. IBM X-Force ID: 121174. • http://www.ibm.com/support/docview.wss?uid=swg21997868 http://www.securityfocus.com/bid/97995 http://www.securitytracker.com/id/1038347 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6065
https://notcve.org/view.php?id=CVE-2016-6065
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. La aplicación IBM Security Guardium Database Activity Monitor podría permitir a un usuario local inyectar comandos que serían ejecutados como root. • http://www.ibm.com/support/docview.wss?uid=swg21995657 http://www.securityfocus.com/bid/95145 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0249
https://notcve.org/view.php?id=CVE-2016-0249
SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Security Guardium Database Activity Monitor 8.2 en versiones anteriores a p310, 9.x hasta la versión 9.5 en versiones anteriores a p700 y 10.x hasta la versión 10.1 en versiones anteriores a p100 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21990363 http://www.securityfocus.com/bid/93339 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •