Ibm

Security Guardium

114 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2018-1817

  • EPSS 0.17%
  • Veröffentlicht 13.12.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:00:26

IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...

9.8

CVE-2018-1818

  • EPSS 0.04%
  • Veröffentlicht 13.12.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:00:26

IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force I...

7.5

CVE-2017-1268

  • EPSS 0.17%
  • Veröffentlicht 13.12.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:21:36

IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.

7.8

CVE-2018-1498

  • EPSS 0.04%
  • Veröffentlicht 02.10.2018 15:29:01
  • Zuletzt bearbeitet 21.11.2024 03:59:55

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 141223.

7.4

CVE-2018-1509

  • EPSS 0.11%
  • Veröffentlicht 02.10.2018 15:29:01
  • Zuletzt bearbeitet 21.11.2024 03:59:56

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host...

7.5

CVE-2017-1255

  • EPSS 0.11%
  • Veröffentlicht 02.05.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:21:35

IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675.

5.5

CVE-2017-1596

  • EPSS 0.05%
  • Veröffentlicht 20.12.2017 18:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.

7.5

CVE-2017-1598

  • EPSS 0.12%
  • Veröffentlicht 20.12.2017 18:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.

5.4

CVE-2017-1600

  • EPSS 0.23%
  • Veröffentlicht 20.12.2017 18:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d...

8.8

CVE-2017-1757

  • EPSS 1.08%
  • Veröffentlicht 20.12.2017 18:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.