IBM Security Guardium Security Vulnerabilities
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.
CVSS Score
5.9
EPSS Score
0.002
Published
2018-12-13
IBM Security Guardium EcoSystem 10.5 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 141223.
CVSS Score
6.2
EPSS Score
0.0
Published
2018-10-02
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417.
CVSS Score
3.7
EPSS Score
0.001
Published
2018-10-02
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-05-02
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-12-20
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-12-20
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-12-20
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.
CVSS Score
8.8
EPSS Score
0.011
Published
2017-12-20
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-12-20
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
CVSS Score
3.3
EPSS Score
0.0
Published
2017-12-20



Shodan ® - All rights reserved