Note:
This project will be discontinued after December 13, 2021.
Product: Security_guardium (Ibm)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 112 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-12-20 | CVE-2017-1270 | IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745. | Security_guardium | 3.3 | ||
2017-07-05 | CVE-2017-1269 | IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 124744. | Security_guardium | 9.8 | ||
2017-07-05 | CVE-2017-1264 | IBM Security Guardium 10.0 does not prove or insufficiently proves that the actor's identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739. | Security_guardium | 7.5 | ||
2017-12-20 | CVE-2017-1262 | IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737. | Security_guardium | 6.1 | ||
2017-12-20 | CVE-2017-1261 | IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. | Security_guardium | 3.3 | ||
2017-07-05 | CVE-2017-1258 | IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685. | Security_guardium | 6.5 | ||
2017-12-20 | CVE-2017-1257 | IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | Security_guardium | 4.3 | ||
2017-07-05 | CVE-2017-1256 | IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678. | Security_guardium | 6.1 | ||
2018-05-02 | CVE-2017-1255 | IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675. | Security_guardium | 7.5 | ||
2017-07-05 | CVE-2017-1254 | IBM Security Guardium 10.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. | Security_guardium | 7.1 |