Lucene search
K
IbmSecurity Guardium

112 matches found

CVE
CVE
added 2024/05/16 5:22 p.m.94 views

CVE-2023-47717

CVE-2023-47717 affects IBM Security Guardium 12.0. A privileged user could trigger unauthorized actions that lead to a denial of service. CVSS v3.1 base score 4.4 (Local access, High privileges, No user interaction). Remediation is to upgrade to the fixed bundle SqlGuard_12.0p15_Bundle_Apr-23-202...

4.4CVSS6.2AI score0.00167EPSS
CVE
CVE
added 2023/08/27 10:18 p.m.87 views

CVE-2023-30435

Summary (CVE-2023-30435) : IBM Security Guardium versions 11.3–11.5 are vulnerable to stored cross-site scripting due to inadequate input filtering/escaping in the Web UI. An attacker could embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affecte...

8.9CVSS5.4AI score0.00365EPSS
CVE
CVE
added 2019/07/02 3:5 p.m.82 views

CVE-2019-4292

CVE-2019-4292 affects IBM Security Guardium (notably version 10.5; IBM’s bulletins also list 9.0–9.5, 10.5, 10.6, 11.0 as affected). The vulnerability allows a remote attacker to upload arbitrary files, enabling potential arbitrary code execution on the vulnerable web server. Remediation in IBM a...

8.8CVSS8.7AI score0.03741EPSS
CVE
CVE
added 2023/08/27 10:40 p.m.82 views

CVE-2022-43909

CVE-2022-43909 affects IBM Security Guardium 11.4, where a cross-site scripting (XSS) flaw in the Web UI could allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Public details in the connected documents confirm affected produ...

5.4CVSS4.7AI score0.00321EPSS
CVE
CVE
added 2023/08/27 10:24 p.m.82 views

CVE-2023-30437

CVE-2023-30437 affects IBM Security Guardium 11.3, 11.4, and 11.5. Affected component: the web UI/API surface used to enumerate usernames via a specially crafted HTTP request, enabling information disclosure by an unauthenticated/unauthorized user. Root cause details are described across multiple...

5.3CVSS5.1AI score0.00522EPSS
CVE
CVE
added 2022/04/19 4:15 p.m.81 views

CVE-2021-39076

IBM Security Guardium is affected by CVE-2021-39076 (weaker cryptographic algorithms). The IBM bulletin lists affected versions: Guardium 10.5 and 11.3 (and other variants up to 11.4), with remediation by updating to the fixed bundles shown in IBM’s advisories. The vulnerability could allow an at...

7.5CVSS7.2AI score0.00548EPSS
CVE
CVE
added 2022/04/19 4:15 p.m.80 views

CVE-2021-39072

CVE-2021-39072 affects IBM Security Guardium 11.1–11.4. The root cause is failure to properly enable HTTP Strict Transport Security, allowing remote attackers to potentially de-obfuscate sensitive data via man-in-the-middle. The IBM Security Guardium bulletin confirms the vulnerability and provid...

5.9CVSS5.3AI score0.01233EPSS
CVE
CVE
added 2022/04/19 4:15 p.m.80 views

CVE-2021-39078

CVE-2021-39078 affects IBM Security Guardium 10.5, with credentials stored in plain text accessible to a local privileged user. The IBM Security Guardium remediation/patches cover multiple versions (10.5, 10.6, 11.0, 11.1, 11.2, 11.3, 11.4); apply the fixes via IBM FixCentral as listed (e.g., Sql...

4.4CVSS4.2AI score0.00138EPSS
CVE
CVE
added 2023/07/19 1:56 a.m.80 views

CVE-2022-43908

CVE-2022-43908 affects IBM Security Guardium 11.3 (also listed with 11.4 and 11.5 in IBM bulletin). Root cause is an input validation error that could allow an authenticated user to cause a denial of service. Impact is DoS with availability loss; no other impacts stated. Remediation per provided ...

6.5CVSS5.2AI score0.00607EPSS
CVE
CVE
added 2023/11/28 10:52 a.m.78 views

CVE-2023-42004

IBM Security Guardium versions 11.3, 11.4, and 11.5 are affected by CVE-2023-42004, a CSV injection vulnerability due to improper validation of CSV file contents. A remote attacker could execute malicious commands via crafted CSV data, with high impact on confidentiality, integrity, and availabil...

8.8CVSS8.2AI score0.01054EPSS
CVE
CVE
added 2023/08/27 10:38 p.m.77 views

CVE-2022-43907

IBM Security Guardium 11.4 includes a command-execution vulnerability that allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Affected version: Guardium 11.4. Root cause per disclosures: insufficient input filtering of crafte...

8.8CVSS7.9AI score0.01017EPSS
CVE
CVE
added 2023/08/27 10:21 p.m.76 views

CVE-2023-30436

CVE-2023-30436 affects IBM Security Guardium versions 11.3, 11.4, and 11.5. The connected documents describe a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially lead to credentials disclosure within a trusted session. Root cause is no...

5.5CVSS5.2AI score0.00292EPSS
CVE
CVE
added 2023/08/27 10:46 p.m.76 views

CVE-2023-33852

CVE-2023-33852 affects IBM Security Guardium 11.4 (and 11.5 per bulletin). A SQL injection vulnerability could allow a remote attacker to view, add, modify or delete data in the back-end database due to insufficient input validation in SQL statements. Affected products/versions: IBM Security Guar...

7.6CVSS6AI score0.00429EPSS
CVE
CVE
added 2022/12/20 8:17 p.m.74 views

CVE-2022-39166

CVE-2022-39166 affects IBM Security Guardium 11.4. The vulnerability allows a privileged user to obtain sensitive information in HTTP responses (information disclosure). Root cause details are not fully disclosed in the provided documents. IBM’s bulletin for Guardium lists fixes for 11.4 via patc...

4.9CVSS4.3AI score0.00582EPSS
CVE
CVE
added 2023/06/05 12:53 a.m.74 views

CVE-2023-0041

IBM Security Guardium 11.5 is affected by CVE-2023-0041, where insufficient session expiration could allow a user to take over another user’s session. Connected sources also indicate Guardium 11.3/11.4/11.5 were affected; remediation is available via IBM FixCentral (links shown in sources), thoug...

8.8CVSS7.1AI score0.00455EPSS
CVE
CVE
added 2024/05/11 1:7 p.m.74 views

CVE-2023-47709

CVE-2023-47709 affects IBM Security Guardium versions 11.3, 11.4, 11.5 and 12.0. A remote authenticated attacker could execute arbitrary commands by sending a specially crafted request, due to a failure to neutralize certain elements in the OS command handling. The issue is confirmed in multiple ...

9.1CVSS7.2AI score0.01044EPSS
CVE
CVE
added 2023/08/27 11:8 p.m.73 views

CVE-2022-43904

CVE-2022-43904 affects IBM Security Guardium 11.3 and 11.4 (also 10.6 and 11.5 per IBM bulletin) with an information-disclosure risk due to improper restriction of excessive authentication attempts. The issue can disclose sensitive information to an attacker. IBM’s Security Bulletin notes a base ...

7.5CVSS7.3AI score0.00666EPSS
CVE
CVE
added 2024/05/11 1:15 p.m.73 views

CVE-2023-47712

CVE-2023-47712 affects IBM Security Guardium 11.3, 11.4, 11.5 and 12.0. The issue is privilege escalation due to improper permissions control, enabling a local user to gain elevated privileges. The IBM bulletin lists these versions as susceptible and provides remediation by applying security patc...

7.8CVSS6.4AI score0.00193EPSS
CVE
CVE
added 2025/04/09 2:7 p.m.69 views

CVE-2025-25023

IBM Guardium Data Protection versions 11.4, 11.5, 12.0 and 12.1 are affected by CVE-2025-25023 due to incorrect privilege assignment that could allow a privileged user to read arbitrary files. The vulnerability is described as an incorrect privilege assignment (CWE-266) with a CVSS v3.1 base scor...

4.9CVSS4.9AI score0.00314EPSS
CVE
CVE
added 2017/12/20 6:0 p.m.68 views

CVE-2017-1262

CVE-2017-1262 affects IBM Security Guardium, versions 10.0, 10.0.1, 10.1, 10.1.2, and 10.1.3, which are vulnerable to HTTP response splitting via specially crafted URLs. The underlying issue permits a remote attacker to trigger a split response, enabling follow-on attacks such as Web cache poison...

6.1CVSS6.1AI score0.01224EPSS
CVE
CVE
added 2023/08/16 9:53 p.m.68 views

CVE-2023-35893

CVE-2023-35893 affects IBM Security Guardium versions 10.6, 11.3, 11.4, and 11.5. The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. The initial sources (IBM X-Force entry) rate the risk as high/critical wit...

9.9CVSS8.9AI score0.01072EPSS
CVE
CVE
added 2024/05/11 1:18 p.m.68 views

CVE-2023-47711

IBM Security Guardium 11.3–12.0 is affected by CVE-2023-47711, where an authenticated user can upload files that trigger a denial of service. The IBM advisory lists fixes for 11.3, 11.4, 11.5, and 12.0 and provides patch links via Fix Central. There is no explicit exploit detail in the provided d...

6.5CVSS6.2AI score0.00684EPSS
CVE
CVE
added 2022/06/29 3:55 p.m.67 views

CVE-2021-39074

IBM Security Guardium 11.4 is affected by CVE-2021-39074, a Cross-Site Scripting vulnerability in the Web UI that can allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue affects Guardium 11.4 and has a CVSSv3.0 base score of 6.1...

6.1CVSS5.8AI score0.00573EPSS
CVE
CVE
added 2023/06/15 12:35 a.m.67 views

CVE-2022-22307

IBM Security Guardium 11.3–11.5 are affected by CVE-2022-22307, allowing a local user to escalate privileges due to incorrect authorization checks. The IBM Security Guardium bulletin lists the remediation: upgrade to fixed bundles for 11.3, 11.4, or 11.5 (fix IDs provided in the IBM bulletin). No...

7.8CVSS5.2AI score0.00157EPSS
CVE
CVE
added 2023/09/04 11:49 p.m.67 views

CVE-2022-43903

CVE-2022-43903 affects IBM Security Guardium versions 10.6, 11.3, and 11.4, where an authenticated user could cause a denial of service due to improper input validation. The Red Hat bulletin also references Guardium with the same CVE. Remediation is available via IBM Fix Central/Fixes for the aff...

6.5CVSS5.2AI score0.00607EPSS
CVE
CVE
added 2021/09/15 5:55 p.m.66 views

CVE-2021-29773

CVE-2021-29773 affects IBM Security Guardium 10.6 and 11.3, due to an insecure direct object vulnerability (IDOR) that could allow a remote authenticated attacker to obtain sensitive information or modify user details. The IBM Security bulletin indicates these vulnerabilities are fixed in specifi...

5.5CVSS5AI score0.00681EPSS
CVE
CVE
added 2022/11/03 12:0 a.m.66 views

CVE-2021-39077

CVE-2021-39077 affects IBM Security Guardium 10.5, 10.6, 11.0–11.4. The root cause is that Guardium stores user credentials in plaintext, allowing a local privileged user to read them. This vulnerability is documented in IBM/Red Hat advisories and is assigned an X-Force ID of 215587. Remediation ...

4.4CVSS5.2AI score0.00126EPSS
CVE
CVE
added 2025/05/28 1:11 a.m.66 views

CVE-2025-25026

CVE-2025-25026 affects IBM Guardium Data Protection (IBM Guardium Data Protection 12.0; also listed for 12.1 in the bulletin). Root cause: an incorrect authentication check allows an authenticated user to obtain sensitive information (information disclosure). CVSS: 4.3 (Med) with Network attack v...

4.3CVSS4.4AI score0.00249EPSS
CVE
CVE
added 2024/12/19 5:21 p.m.65 views

CVE-2024-49336

IBM Security Guardium is affected by CVE-2024-49336 (SSRF) affecting versions 11.5, 12.0, and 12.1. The vulnerability enables an authenticated attacker to cause the system to issue unauthorized requests, potentially enabling network enumeration or related attacks. IBM’s advisory notes remediation...

6.5CVSS5.8AI score0.00213EPSS
CVE
CVE
added 2025/05/28 1:10 a.m.64 views

CVE-2025-25025

Summary: CVE-2025-25025 affects IBM Guardium Data Protection (notably version 12.0, with 12.1 also listed). The issue is an information-disclosure vulnerability caused by returning a detailed technical error message in the browser, which can enable a remote attacker to obtain sensitive informatio...

5.3CVSS4.3AI score0.00294EPSS
CVE
CVE
added 2024/05/24 12:1 p.m.62 views

CVE-2023-47710

CVE-2023-47710 affects IBM Security Guardium 11.4, 11.5, and 12.0. The flaw is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially changing functionality and leading to credentials disclosure within a trusted session. Root cause stems f...

5.4CVSS5.2AI score0.00249EPSS
CVE
CVE
added 2017/12/20 6:0 p.m.61 views

CVE-2017-1261

CVE-2017-1261 affects IBM Security Guardium. The vulnerability arises from Guardium storing potentially sensitive information in log files, which a local attacker could read. Affected product versions include Guardium 10.0, 10.0.1, 10.1, 10.1.2, and 10.1.3. IBM provides a fix (Remediation/First F...

3.3CVSS3.4AI score0.00294EPSS
CVE
CVE
added 2023/07/19 2:4 a.m.61 views

CVE-2022-43910

CVE-2022-43910 affects IBM Security Guardium 11.3. Local user privilege escalation due to improper permission controls. IBM notes multiple Guardium advisories; exploitation status not specified in the provided documents. Remediation references include updating to newer Guardium versions (11.4/11....

8.4CVSS7.6AI score0.00162EPSS
CVE
CVE
added 2025/05/28 1:12 a.m.61 views

CVE-2025-25029

CVE-2025-25029 affects IBM Guardium Data Protection (12.0 and 12.1). A privileged user could download any file on the system due to improper escaping of input. The IBM bulletin lists fixes for 12.0 (SqlGuard_12.0p40_Bundle) and 12.1 (SqlGuard_12.0p120_Bundle) and recommends updating. Connected so...

6.5CVSS4.9AI score0.00294EPSS
CVE
CVE
added 2023/10/04 1:50 p.m.60 views

CVE-2022-43906

IBM Security Guardium 11.5 is affected by CVE-2022-43906 due to a missing or insecure SameSite attribute on a sensitive cookie, which could disclose sensitive information. The issue has been addressed by IBM; remediation involves updating to a patched release and applying the provided fix guidanc...

5.3CVSS4AI score0.00407EPSS
CVE
CVE
added 2017/12/20 6:0 p.m.59 views

CVE-2017-1598

IBM Security Guardium Database Activity Monitor (V10.0–10.1.3) is affected by use of weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Root cause: cryptographic weakness in the product’s crypto implementation. Impact: potential confidentiality b...

7.5CVSS7.2AI score0.00848EPSS
CVE
CVE
added 2017/12/20 6:0 p.m.58 views

CVE-2017-1257

Summary: CVE-2017-1257 concerns an information disclosure in IBM Security Guardium. The vulnerability affects Guardium 10.x (notably 10.0, 10.0.x, 10.1, 10.1.x) where sensitive data can be disclosed to unauthorized users. The root cause is an information exposure weakness in Guardium that could e...

4.3CVSS4.4AI score0.01058EPSS
CVE
CVE
added 2017/07/05 1:0 p.m.58 views

CVE-2017-1269

The CVE-2017-1269 issue affects IBM Security Guardium v10.0, 10.0.1, 10.1, 10.1.2, and 10.1.3. It is a SQL injection vulnerability that could allow a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. The root cause is SQL in...

9.8CVSS9.4AI score0.01852EPSS
CVE
CVE
added 2016/06/29 1:0 a.m.57 views

CVE-2016-0298

IBM Security Guardium Database Activity Monitor v10 prior to 10.0p100 is affected by CVE-2016-0298, a directory traversal vulnerability allowing an authenticated remote user to read arbitrary files via a crafted URL. Root cause: improper handling of URL paths leading to directory traversal. Impac...

6.5CVSS5.9AI score0.0131EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.57 views

CVE-2016-6065

CVE-2016-6065 affects IBM Security Guardium Database Activity Monitor appliances. A local user could inject commands that are executed as root due to an injection flaw in the appliance. Affected products/versions identified by IBM include Guardium Database Activity Monitor v8.2, v9, v9.1, v9.5, a...

7.8CVSS7.4AI score0.0038EPSS
CVE
CVE
added 2017/12/20 6:0 p.m.56 views

CVE-2017-1595

IBM Security Guardium Database Activity Monitor (Guardium) is affected by CVE-2017-1595, a local information disclosure vulnerability. The IBM Security Guardium Database Activity Monitor product family (V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3) could allow a local attacker to obtain highly sensitive i...

5.5CVSS4.9AI score0.00307EPSS
CVE
CVE
added 2021/05/24 1:55 p.m.55 views

CVE-2021-20385

CVE-2021-20385 affects IBM Security Guardium 11.2, where a remote authenticated attacker could execute arbitrary commands via a specially crafted request. The primary sources confirm the vulnerability in Guardium and assign an IBM X-Force ID 195766, with a high impact indication in the CVSS metri...

9CVSS7.6AI score0.02101EPSS
CVE
CVE
added 2017/07/05 6:0 p.m.54 views

CVE-2017-1254

CVE-2017-1254 affects IBM Security Guardium: XML External Entity (XXE) processing vulnerability in Guardium 10.x. A remote attacker could exploit XXE to access sensitive data or exhaust memory during XML processing. Root cause: improper handling of external entities in XML parsing. Impact per sou...

7.1CVSS6.8AI score0.01587EPSS
CVE
CVE
added 2017/07/21 8:0 p.m.54 views

CVE-2017-1267

CVE-2017-1267 affects IBM Security Guardium. The IBM security bulletin confirms a vulnerability where Guardium processes patches, image backups and other updates without adequately verifying the origin and integrity of the code. Affected are Guardium versions 9.0, 9.1, 9.5 and 10.0, 10.0.1, 10.1,...

7.5CVSS7.3AI score0.0163EPSS
CVE
CVE
added 2017/12/07 3:0 p.m.54 views

CVE-2017-1271

Summary: CVE-2017-1271 affects IBM Security Guardium and relates to not selecting the strongest mutual algorithm during negotiation. Affected products/versions: Guardium 9.0, 9.1, 9.5 (and 10.0+ up to 10.1.3 per IBM bulletin). Root cause: negotiation allows weaker algorithms (encryption/authentic...

7.5CVSS7.2AI score0.00841EPSS
CVE
CVE
added 2017/07/05 6:0 p.m.53 views

CVE-2017-1253

CVE-2017-1253 affects IBM Security Guardium up to version 10.x, where a remote authenticated attacker could execute arbitrary commands via a specially crafted request due to an OS command injection vulnerability. The IBM Security Guardium bulletin confirms affected releases (including 9.0–9.5 and...

9.9CVSS9.1AI score0.02277EPSS
CVE
CVE
added 2017/07/05 6:0 p.m.53 views

CVE-2017-1264

CVE-2017-1264 is an IBM Security Guardium vulnerability (Improper Authentication) described by IBM as affecting Guardium 9.0, 9.1, 9.5 and 10.0, 10.0.1, 10.1, 10.1.2. The root cause is insufficient verification of a user’s identity, which can allow exposure of resources or functionality to uninte...

7.5CVSS7.2AI score0.0153EPSS
CVE
CVE
added 2017/12/20 6:0 p.m.53 views

CVE-2017-1596

The CVE-2017-1596 entry affects IBM Security Guardium Database Activity Monitor (V10.0 to 10.1.3). It describes a local disclosure vulnerability in which a local attacker could obtain highly sensitive information via unspecified vectors. The IBM security bulletin confirms affected versions: 10.0,...

5.5CVSS4.9AI score0.00307EPSS
CVE
CVE
added 2018/12/17 4:0 p.m.53 views

CVE-2017-1597

CVE-2017-1597 affects IBM Security Guardium Database Activity Monitor versions 10.0–10.5. The root cause is a default weak password policy (no requirement for strong passwords), which can enable account compromise. Official advisories estimate CVSSv3 base score 7.5 (High) with impact on confident...

7.5CVSS7.3AI score0.02017EPSS
CVE
CVE
added 2017/12/20 6:0 p.m.53 views

CVE-2017-1600

IBM Security Guardium Database Activity Monitor is affected by CVE-2017-1600, a cross-site scripting vulnerability in the Web UI. The vulnerability allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Gua...

5.4CVSS5.2AI score0.00538EPSS
Total number of security vulnerabilities112