Security_guardium - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Security_guardium
(Ibm)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	112

Date	Id	Summary	Products	Score	Patch	Annotated
2018-12-17	CVE-2017-1272	IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747.	Security_guardium	5.3
2018-12-13	CVE-2017-1268	IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.	Security_guardium	7.5
2018-12-17	CVE-2017-1265	IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.	Security_guardium	5.9
2017-12-20	CVE-2017-1598	IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.	Security_guardium	7.5
2017-12-20	CVE-2017-1266	IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.	Security_guardium	5.4
2017-04-20	CVE-2017-1122	IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.	Security_guardium	7.4
2017-07-21	CVE-2017-1267	IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.	Security_guardium	7.5
2017-12-20	CVE-2017-1757	IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.	Security_guardium	8.8
2017-12-20	CVE-2017-1600	IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613.	Security_guardium	5.4
2017-12-20	CVE-2017-1596	IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.	Security_guardium	5.5