
CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM Security Guardium 10.0 and 10.1 are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 124744.

• http://www.ibm.com/support/docview.wss?uid=swg22004462
• http://www.securityfocus.com/bid/99361
• https://exchange.xforce.ibmcloud.com/vulnerabilities/124744
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.4 | EPSS: 0% | CPEs: 8 | EXPL: 0

IBM Security Guardium 8.2, 9.0, and 10.0 contain a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.

• http://www.ibm.com/support/docview.wss?uid=swg21997868
• http://www.securityfocus.com/bid/97995
• http://www.securitytracker.com/id/1038347

CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

• http://www.ibm.com/support/docview.wss?uid=swg21995657
• http://www.securityfocus.com/bid/95145
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.

• http://www-01.ibm.com/support/docview.wss?uid=swg21990229
• http://www.securityfocus.com/bid/93825
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.

• http://www-01.ibm.com/support/docview.wss?uid=swg21988999
• http://www.securityfocus.com/bid/93827
• CWE-264: Permissions, Privileges, and Access Controls