Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Security_guardium_insights
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-09 | CVE-2020-4173 | IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682. | Infosphere_guardium_activity_monitor, Security_guardium_insights | 4.3 | ||
| 2020-08-24 | CVE-2020-4165 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401. | Security_guardium_insights | 5.4 | ||
| 2020-08-24 | CVE-2020-4170 | IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406. | Security_guardium_insights | 4.3 | ||
| 2020-08-24 | CVE-2020-4593 | IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747. | Security_guardium_insights | 4.4 |