CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4254
https://notcve.org/view.php?id=CVE-2020-4254
16 Oct 2020 — IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. IBM Security Guardium Big Data Intelligence versión 1.0 (SonarG), utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial.  IBM X-Force ID: 175560 • https://exchange.xforce.ibmcloud.com/vulnerabilities/175560 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4339
https://notcve.org/view.php?id=CVE-2019-4339
28 Oct 2019 — IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, utiliza algoritmos criptográficos más débiles de lo esperado lo que podría permitir a un atacante desencriptar información altamente confidencial. ID de IBM X-Force: 161418. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161418 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4330
https://notcve.org/view.php?id=CVE-2019-4330
28 Oct 2019 — IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, no establece el atributo seguro para las cookies en las sesiones HTTPS, lo que podría causar que el agente de usuario envíe esas cookies en texto plano por medio de una sesión HTTP. ID de IBM X-Force: 161210. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161210 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4329
https://notcve.org/view.php?id=CVE-2019-4329
28 Oct 2019 — IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, utiliza listas negras incompletas para la comprobación de entrada lo que permite a atacantes omitir los controles de la aplicación, resultando en un impacto directo en el sistema y la integridad de lo... • https://exchange.xforce.ibmcloud.com/vulnerabilities/161209 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4314
https://notcve.org/view.php?id=CVE-2019-4314
28 Oct 2019 — IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, almacena información confidencial en texto sin cifrar dentro de un recurso que podría ser accesible en otra esfera de control. ID de IBM X-Force: 1610141. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161041 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4311
https://notcve.org/view.php?id=CVE-2019-4311
28 Oct 2019 — IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161037. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, divulga información confidencial a usuarios no autorizados. La información puede ser usada para montar futuros ataques en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161037 • CWE-863: Incorrect Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4309
https://notcve.org/view.php?id=CVE-2019-4309
28 Oct 2019 — IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, usa credenciales embebidas que podrían permitir a un usuario local obtener información altamente confidencial. ID de IBM X-Force: 161035. • https://exchange.xforce.ibmcloud.com/vulnerabilities/161035 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4307
https://notcve.org/view.php?id=CVE-2019-4307
28 Oct 2019 — IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leído por parte de un usuario local. ID de IBM X-Force: 160987. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160987 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4306
https://notcve.org/view.php?id=CVE-2019-4306
28 Oct 2019 — IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. IBM Security Guardium Big Data Intelligence (SonarG) versión 4.0, especifica permisos para un recurso crítico de seguridad que podría conllevar a la exposición de información confidencial o la modificación de ese recurso por partes no previstas. ID de IBM X-... • https://exchange.xforce.ibmcloud.com/vulnerabilities/160986 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4340
https://notcve.org/view.php?id=CVE-2019-4340
20 Aug 2019 — IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. IBM Security Guardium Big Data Intelligence 4.0 (SonarG) es vulnerable a un ataque de inyección de entidadexterna XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información c... • https://exchange.xforce.ibmcloud.com/vulnerabilities/161419 • CWE-611: Improper Restriction of XML External Entity Reference •