CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1267
https://notcve.org/view.php?id=CVE-2017-1267
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. IBM Security Guardium versión 10.0 y versión 10.1 procesa parches, copias de seguridad de imágenes y otras actualizaciones sin suficiente comprobación del origen y la integridad del código. ID de IBM X-Force: 124742. • http://www.ibm.com/support/docview.wss?uid=swg22004424 http://www.securityfocus.com/bid/99896 http://www.securitytracker.com/id/1038984 https://exchange.xforce.ibmcloud.com/vulnerabilities/124742 • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1253
https://notcve.org/view.php?id=CVE-2017-1253
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633. IBM Security Guardium 10.0 permite a un usuario remoto autenticado ejecutar comandos aleatorios en el sistema. Mediante el envió de solicitudes especialmente manipuladas, un atacante podría ejecutar comando aleatorios en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22004426 http://www.securityfocus.com/bid/99372 https://exchange.xforce.ibmcloud.com/vulnerabilities/124633 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1254
https://notcve.org/view.php?id=CVE-2017-1254
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. IBM Security Guardium 10.0 es vulnerable a ataques XML External Entity Injection (XXE) cuando procesa datos XML. Un atacante remoto podría explotar esta vulnerabilidad exponiendo información altamente sensible o consumiendo recursos de memoria. • http://www.ibm.com/support/docview.wss?uid=swg22004463 http://www.securityfocus.com/bid/99366 https://exchange.xforce.ibmcloud.com/vulnerabilities/124634 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1264
https://notcve.org/view.php?id=CVE-2017-1264
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739. IBM Security Guardium 10.0 no comprueba o al menos insuficientemente que la identidad de los actores es correcta, lo que llevaría a la exposición de los recursos o la funcionalidad a actores accidentales. IBM X-Force ID: 124739. • http://www.ibm.com/support/docview.wss?uid=swg22004425 http://www.securityfocus.com/bid/99369 https://exchange.xforce.ibmcloud.com/vulnerabilities/124739 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1258
https://notcve.org/view.php?id=CVE-2017-1258
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 IBM Security Guardium 10.0 y 10.1 no lleva a cabo un chequeo de la autentificación para los recursos críticos o funcionalidades permitiendo a usuarios anónimos acceder a áreas protegidas. IBM X-Force ID: 124685 • http://www.ibm.com/support/docview.wss?uid=swg22004309 http://www.securityfocus.com/bid/99377 https://exchange.xforce.ibmcloud.com/vulnerabilities/124685 • CWE-287: Improper Authentication •