CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39077 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2021-39077
03 Nov 2022 — IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3 y 11.4 almacena las credenciales de usuario en texto plano que puede ser leído por un usuario local privilegiado. ID de IBM X-Force: 215587. • https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 • CWE-312: Cleartext Storage of Sensitive Information CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39078
https://notcve.org/view.php?id=CVE-2021-39078
19 Apr 2022 — IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589. IBM Security Guardium versión 10.5, almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local con privilegios. IBM X-Force ID: 215589 • https://exchange.xforce.ibmcloud.com/vulnerabilities/215589 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39076
https://notcve.org/view.php?id=CVE-2021-39076
19 Apr 2022 — IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585. IBM Security Guardium versiones 10.5 y 11.3, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información confidencial. IBM X-Force ID: 215585 • https://exchange.xforce.ibmcloud.com/vulnerabilities/215585 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-29735
https://notcve.org/view.php?id=CVE-2021-29735
08 Nov 2021 — IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Guardium versiones 10.5, 10.6, 11.0, 11.1, 11.2 y 11.3, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/201239 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1501
https://notcve.org/view.php?id=CVE-2018-1501
26 Aug 2020 — IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. IBM Security Guardium versiones 10.5, 10.6 y 11.0, podrían permitir a un usuario no autorizado obtener información confidencial debido a una falta de controles de seguridad. IBM X-Force ID: 141226 • https://exchange.xforce.ibmcloud.com/vulnerabilities/141226 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4186
https://notcve.org/view.php?id=CVE-2020-4186
30 Jul 2020 — IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804. IBM Security Guardium versiones 10.5, 10.6 y 11.1, podría revelar información confidencial en la página de inicio de sesión que podría ayudar en nuevos ataques contra el sistema. IBM X-Force ID: 174804 • https://exchange.xforce.ibmcloud.com/vulnerabilities/174804 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4185
https://notcve.org/view.php?id=CVE-2020-4185
30 Jul 2020 — IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803. IBM Security Guardium versiones 10.5, 10.6 y 11.1, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 174803 • https://exchange.xforce.ibmcloud.com/vulnerabilities/174803 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4422
https://notcve.org/view.php?id=CVE-2019-4422
03 Oct 2019 — IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768. La versiones 9.0, 9.5 y 10.6 de IBM Security Guardium, son vulnerables a una escalada de privilegios que podría permitir a un usuario autenticado cambiar la contraseña de accessmgr. ID de IBM X-Force: 162768. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162768 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-4292
https://notcve.org/view.php?id=CVE-2019-4292
02 Jul 2019 — IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698. Security Guardium versión 10.5 de IBM, podría permitir a un atacante remoto cargar archivos arbitrarios, que podría permitir al atacante ejecutar código arbitrario en el servidor web vulnerable. ID de IBM X-Force: 160698. • http://www.securityfocus.com/bid/109005 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1272
https://notcve.org/view.php?id=CVE-2017-1272
17 Dec 2018 — IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747. IBM Security Guardium 10.0 y 10.5 almacena información sensible en parámetros de URL. • http://www.securityfocus.com/bid/106237 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •