166 matches found
Information disclosure
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549...
CVE-2017-1595
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549...
Information disclosure
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550...
Cross site scripting
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
CVE-2017-1595
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549...
CVE-2017-1595
IBM Security Guardium Database Activity Monitor (Guardium) is affected by CVE-2017-1595, a local information disclosure vulnerability. The IBM Security Guardium Database Activity Monitor product family (V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3) could allow a local attacker to obtain highly sensitive i...
CVE-2017-1595
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549...
CVE-2017-1600
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
CVE-2017-1596
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550...
CVE-2017-1598
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611...
Tuning Capacity Tips for SecureSphere Database Activity Monitoring
You have Imperva SecureSphere Database Activity Monitoring DAM up and running. You’ve deployed the system and configured your business audit policies. So, what’s next? In a previous post I discussed the capacity management challenges of database monitoring solutions, in this post I’ll elaborate o...
Information Leak
moodle/moodle has an information leak. The database activity module has a flaw which allows authenticated users to read activity entries from a different group's users. The flaw can be exploited through the advanced search...
Information Disclosure Through Reading Restriction Bypass
Moodle is susceptible to information disclosure. The database activity module does not enforce the minimum participate entry count before displaying other users comments. This allows users to view other participant's entries using advanced search before they are allowed to...
Database Activity Monitoring: A Do’s and Don’ts Checklist for DBAs
In a previous post, we looked at the limitations of native audit, the free tool often used by database administrators DBAs for logging database activity. While it has its appeal—it’s already part of the database server and does not require additional cost for third-party appliances or...
Native Auditing Tools – Performance, Cost, and Compliance Issues
As we covered in a previous post, data-centric security measures need to be implemented to meet compliance requirements and protect against complex, ever-evolving attacks. There are two primary approaches to implementing these measures: Native auditing, which uses a database server's built-in too...
CVE-2016-6065
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root...
CVE-2016-6065
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root...
Command injection
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root...
CVE-2016-6065
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root...
CVE-2016-6065
CVE-2016-6065 affects IBM Security Guardium Database Activity Monitor appliances. A local user could inject commands that are executed as root due to an injection flaw in the appliance. Affected products/versions identified by IBM include Guardium Database Activity Monitor v8.2, v9, v9.1, v9.5, a...