Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-39077 DESCRIPTION: IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user. CVSS Base score: 4.4 CVSS Temporal Score: See:...

Security Bulletin: IBM Security Verify Governance stores user credentials in plain clear text which can be read by a local user (CVE-2022-22470)

Summary IBM Security Verify Governance is vulnerable to exposure of user credentials to local users due to storage of credentials in cleartext CVE-2022-22470. This vulnerability has been removed by a code fix. Vulnerability Details CVEID:CVE-2022-22470 DESCRIPTION: IBM Security Verify Governance...

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2022-22457 DESCRIPTION: IBM Security Verify Governance stores sensitive information including user credentials in plain clear text which...

CVE-2023-46175 IBM Cloud Pak for Multicloud Management information disclosure

IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user...

CVE-2023-46175 IBM Cloud Pak for Multicloud Management information disclosure

IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user...

CVE-2024-25024 IBM QRadar Suite Software information disclosure

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430...

CVE-2024-39733 IBM Datacap Navigator information disclosure

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972...

CVE-2024-39733

IBM Datacap Navigator 9.1.5–9.1.9 stores user credentials in plaintext, allowing local read access and exposing confidentiality. The issue is confirmed across multiple sources (NVD, Red Hat, CNVD/CVE listings). Impact is confidentiality loss (C:H) with LOCAL access and LOW/no user interaction req...

CVE-2024-25052

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363...

CVE-2024-25052 IBM Jazz Reporting Service information disclosure

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363...

CVE-2024-25052 IBM Jazz Reporting Service information disclosure

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363...

CVE-2024-22312 IBM Storage Defender - Resiliency Service information disclosure

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748...

CVE-2023-32338 IBM Sterling Secure Proxy information disclosure

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure storage of sensitive information (CVE-2023-22878)

Summary A vulnerability due to insecure storage of sensitive information was addressed in InfoSphere Information Server. Vulnerability Details CVEID:CVE-2023-22878 DESCRIPTION: IBM InfoSphere Information Server stores user credentials in plain clear text which can be read by a local user. CVSS Ba...

CVE-2023-25686 IBM Security Key Lifecycle Manager information disclosure

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601...

CVE-2022-22470

IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232...

CVE-2022-41732

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality...

CVE-2022-34339

"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963."...

CVE-2022-34339

CVE-2022-34339 affects IBM Cognos Analytics 11.2.x and 11.1.x, where credentials are stored in plain text readable by an authenticated user. Root cause: cleartext credential storage. Impact: information disclosure (confidentiality High). Remediation: upgrade to IBM Cognos Analytics 11.2.3 or 11.1...