Code injection

IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...

Code injection

IBM Security Guardium Data Encryption GDE 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938...

CVE-2019-4701

CVE-2019-4701 concerns IBM Guardium Data Encryption (GDE) 3.0.0.2, where active debugging code can create unintended entry points. Connected sources (CNVD-2020-50543) describe a cross-site scripting vulnerability in GDE 3.0.0.2 related to this issue, attributed to an unintended debugger entry. Th...

CVE-2019-4701

IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...

CVE-2019-4713

IBM Security Guardium Data Encryption GDE 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084...

CVE-2019-4713

CVE-2019-4713 affects IBM Security Guardium Data Encryption (GDE) 3.0.0.2. A remote authenticated attacker could send a specially crafted request to execute arbitrary commands on the system. Public sources confirm the flaw and its impact (high CWE/CVSS), with IBM providing a fixed version in GDE ...

CVE-2019-4698

IBM Security Guardium Data Encryption GDE 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929...

CVE-2019-4699

IBM Security Guardium Data Encryption GDE 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931...

CVE-2019-4698

IBM Guardium Data Encryption (GDE) 3.0.0.2 is affected by a password-strength requirement weakness: by default, it does not require strong passwords, which could allow an attacker to compromise user accounts. The issue is documented in CVE-2019-4698 and reflected in IBM/third-party sources in the...

CVE-2019-4699

CVE-2019-4699 affects IBM Guardium Data Encryption (GDE) 3.0.0.2, where an error message can reveal sensitive information about the environment, users, or data. The root cause is information disclosure via error details generated by GDE. Practical impact is information exposure with a low base sc...

CVE-2019-4694

CVE-2019-4694 involves IBM Guardium Data Encryption (GDE) 3.0.0.2, which contains hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. The underlying risk is credential exposure within the product, as described in the CVE record and corrobor...

CVE-2019-4697

IBM Security Guardium Data Encryption GDE 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938...

CVE-2019-4694

IBM Security Guardium Data Encryption GDE 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832...

CVE-2019-4697

Summary (grounded): CVE-2019-4697 affects IBM Guardium Data Encryption (GDE) 3.0.0.2, where user credentials are stored in plaintext and readable by an authenticated user. The vulnerability stems from plaintext storage in GDE 3.0.0.2, enabling credential disclosure. The IBM/IBM X-Force and CNVD/N...

CVE-2019-4693

IBM Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plaintext, allowing a locally authenticated privileged user to read them. This is documented across multiple sources (NVD entry CVE-2019-4693 and CNVD-2020-49941), confirming plaintext storage vulnerability in GDE 3.0.0.2. IBM’...

CVE-2019-4692

IBM Security Guardium Data Encryption GDE 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829...

CVE-2019-4693

IBM Security Guardium Data Encryption GDE 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831...

CVE-2019-4688

CVE-2019-4688 affects IBM Guardium Data Encryption (GDE) 3.0.0.2, which does not set the secure attribute on authorization tokens or session cookies. This omission could allow an attacker to obtain cookie values by luring a user to click an http:// link or via a malicious site, enabling cookie sn...

CVE-2019-4688

IBM Security Guardium Data Encryption GDE 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...

CVE-2019-4689

Summary of CVE-2019-4689 (IBM Guardium Data Encryption, GDE) : GDE 3.0.0.2 stores HTTP Strict Transport Security incorrectly, allowing a remote attacker to obtain sensitive information via man-in-the-middle techniques. The vulnerability is caused by failure to properly enable HSTS, enabling poten...