
8 matches found

IBM Security Bulletins
added 2018/06/16 9:40 p.m. | 51 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium

Summary: OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Guardium. IBM Security Guardium has addressed the applicable CVEs including the "DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability. Vulnerability Detail...

CVSS: 5.9 | AI score: 0.5 | EPSS: 0.82112
Exploits: 2 | Affected Software: 1
NVD
added 2017/12/20 6:29 p.m. | 23 views

CVE-2017-1262

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as We...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.01224
Exploits: 0 | References: 2
Prion
added 2017/12/20 6:29 p.m. | 17 views

Sql injection

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.01594
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2017/12/20 6:29 p.m. | 15 views

Code injection

IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736...

CVSS: 2.1 | AI score: 3.3 | EPSS: 0.00294
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2017/12/20 6:29 p.m. | 4 views

CVE-2017-1266

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741...

CVSS: 5.4 | AI score: 5.8
Exploits: 0 | References: 2
CVE
added 2017/12/20 6:0 p.m. | 51 views

CVE-2017-1266

CVE-2017-1266 affects IBM Security Guardium, with an incorrect permission assignment for a security-critical resource that can allow read/modify by unintended actors. Affected versions: Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3. Reported CVSS v3 base score around 4.2 (vector: CVSS:3.0/AV:N/AC:H...

CVSS: 5.5 | AI score: 5.1 | EPSS: 0.00538
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2017/07/05 6:29 p.m. | 19 views

Design/Logic Flaw

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633...

CVSS: 6.5 | AI score: 8.9 | EPSS: 0.02277
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2017/07/05 6:0 p.m. | 21 views

CVE-2017-1264

IBM Security Guardium 10.0 does not prove or insufficiently proves that the actor's identity is correct, which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739...

AI score: 7.2 | EPSS: 0.0153
Exploits: 0 | References: 3