112 matches found
CVE-2023-47717
CVE-2023-47717 affects IBM Security Guardium 12.0. A privileged user could trigger unauthorized actions that lead to a denial of service. CVSS v3.1 base score 4.4 (Local access, High privileges, No user interaction). Remediation is to upgrade to the fixed bundle SqlGuard_12.0p15_Bundle_Apr-23-202...
CVE-2023-30435
Summary (CVE-2023-30435) : IBM Security Guardium versions 11.3–11.5 are vulnerable to stored cross-site scripting due to inadequate input filtering/escaping in the Web UI. An attacker could embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affecte...
CVE-2019-4292
CVE-2019-4292 affects IBM Security Guardium (notably version 10.5; IBM’s bulletins also list 9.0–9.5, 10.5, 10.6, 11.0 as affected). The vulnerability allows a remote attacker to upload arbitrary files, enabling potential arbitrary code execution on the vulnerable web server. Remediation in IBM a...
CVE-2022-43909
CVE-2022-43909 affects IBM Security Guardium 11.4, where a cross-site scripting (XSS) flaw in the Web UI could allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Public details in the connected documents confirm affected produ...
CVE-2023-30437
CVE-2023-30437 affects IBM Security Guardium 11.3, 11.4, and 11.5. Affected component: the web UI/API surface used to enumerate usernames via a specially crafted HTTP request, enabling information disclosure by an unauthenticated/unauthorized user. Root cause details are described across multiple...
CVE-2021-39076
IBM Security Guardium is affected by CVE-2021-39076 (weaker cryptographic algorithms). The IBM bulletin lists affected versions: Guardium 10.5 and 11.3 (and other variants up to 11.4), with remediation by updating to the fixed bundles shown in IBM’s advisories. The vulnerability could allow an at...
CVE-2021-39072
CVE-2021-39072 affects IBM Security Guardium 11.1–11.4. The root cause is failure to properly enable HTTP Strict Transport Security, allowing remote attackers to potentially de-obfuscate sensitive data via man-in-the-middle. The IBM Security Guardium bulletin confirms the vulnerability and provid...
CVE-2021-39078
CVE-2021-39078 affects IBM Security Guardium 10.5, with credentials stored in plain text accessible to a local privileged user. The IBM Security Guardium remediation/patches cover multiple versions (10.5, 10.6, 11.0, 11.1, 11.2, 11.3, 11.4); apply the fixes via IBM FixCentral as listed (e.g., Sql...
CVE-2022-43908
CVE-2022-43908 affects IBM Security Guardium 11.3 (also listed with 11.4 and 11.5 in IBM bulletin). Root cause is an input validation error that could allow an authenticated user to cause a denial of service. Impact is DoS with availability loss; no other impacts stated. Remediation per provided ...
CVE-2023-42004
IBM Security Guardium versions 11.3, 11.4, and 11.5 are affected by CVE-2023-42004, a CSV injection vulnerability due to improper validation of CSV file contents. A remote attacker could execute malicious commands via crafted CSV data, with high impact on confidentiality, integrity, and availabil...
CVE-2022-43907
IBM Security Guardium 11.4 includes a command-execution vulnerability that allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Affected version: Guardium 11.4. Root cause per disclosures: insufficient input filtering of crafte...
CVE-2023-30436
CVE-2023-30436 affects IBM Security Guardium versions 11.3, 11.4, and 11.5. The connected documents describe a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially lead to credentials disclosure within a trusted session. Root cause is no...
CVE-2023-33852
CVE-2023-33852 affects IBM Security Guardium 11.4 (and 11.5 per bulletin). A SQL injection vulnerability could allow a remote attacker to view, add, modify or delete data in the back-end database due to insufficient input validation in SQL statements. Affected products/versions: IBM Security Guar...
CVE-2022-39166
CVE-2022-39166 affects IBM Security Guardium 11.4. The vulnerability allows a privileged user to obtain sensitive information in HTTP responses (information disclosure). Root cause details are not fully disclosed in the provided documents. IBM’s bulletin for Guardium lists fixes for 11.4 via patc...
CVE-2023-0041
IBM Security Guardium 11.5 is affected by CVE-2023-0041, where insufficient session expiration could allow a user to take over another user’s session. Connected sources also indicate Guardium 11.3/11.4/11.5 were affected; remediation is available via IBM FixCentral (links shown in sources), thoug...
CVE-2023-47709
CVE-2023-47709 affects IBM Security Guardium versions 11.3, 11.4, 11.5 and 12.0. A remote authenticated attacker could execute arbitrary commands by sending a specially crafted request, due to a failure to neutralize certain elements in the OS command handling. The issue is confirmed in multiple ...
CVE-2022-43904
CVE-2022-43904 affects IBM Security Guardium 11.3 and 11.4 (also 10.6 and 11.5 per IBM bulletin) with an information-disclosure risk due to improper restriction of excessive authentication attempts. The issue can disclose sensitive information to an attacker. IBM’s Security Bulletin notes a base ...
CVE-2023-47712
CVE-2023-47712 affects IBM Security Guardium 11.3, 11.4, 11.5 and 12.0. The issue is privilege escalation due to improper permissions control, enabling a local user to gain elevated privileges. The IBM bulletin lists these versions as susceptible and provides remediation by applying security patc...
CVE-2025-25023
IBM Guardium Data Protection versions 11.4, 11.5, 12.0 and 12.1 are affected by CVE-2025-25023 due to incorrect privilege assignment that could allow a privileged user to read arbitrary files. The vulnerability is described as an incorrect privilege assignment (CWE-266) with a CVSS v3.1 base scor...
CVE-2017-1262
CVE-2017-1262 affects IBM Security Guardium, versions 10.0, 10.0.1, 10.1, 10.1.2, and 10.1.3, which are vulnerable to HTTP response splitting via specially crafted URLs. The underlying issue permits a remote attacker to trigger a split response, enabling follow-on attacks such as Web cache poison...
CVE-2023-35893
CVE-2023-35893 affects IBM Security Guardium versions 10.6, 11.3, 11.4, and 11.5. The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. The initial sources (IBM X-Force entry) rate the risk as high/critical wit...
CVE-2023-47711
IBM Security Guardium 11.3–12.0 is affected by CVE-2023-47711, where an authenticated user can upload files that trigger a denial of service. The IBM advisory lists fixes for 11.3, 11.4, 11.5, and 12.0 and provides patch links via Fix Central. There is no explicit exploit detail in the provided d...
CVE-2021-39074
IBM Security Guardium 11.4 is affected by CVE-2021-39074, a Cross-Site Scripting vulnerability in the Web UI that can allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue affects Guardium 11.4 and has a CVSSv3.0 base score of 6.1...
CVE-2022-22307
IBM Security Guardium 11.3–11.5 are affected by CVE-2022-22307, allowing a local user to escalate privileges due to incorrect authorization checks. The IBM Security Guardium bulletin lists the remediation: upgrade to fixed bundles for 11.3, 11.4, or 11.5 (fix IDs provided in the IBM bulletin). No...
CVE-2022-43903
CVE-2022-43903 affects IBM Security Guardium versions 10.6, 11.3, and 11.4, where an authenticated user could cause a denial of service due to improper input validation. The Red Hat bulletin also references Guardium with the same CVE. Remediation is available via IBM Fix Central/Fixes for the aff...
CVE-2021-29773
CVE-2021-29773 affects IBM Security Guardium 10.6 and 11.3, due to an insecure direct object vulnerability (IDOR) that could allow a remote authenticated attacker to obtain sensitive information or modify user details. The IBM Security bulletin indicates these vulnerabilities are fixed in specifi...
CVE-2021-39077
CVE-2021-39077 affects IBM Security Guardium 10.5, 10.6, 11.0–11.4. The root cause is that Guardium stores user credentials in plaintext, allowing a local privileged user to read them. This vulnerability is documented in IBM/Red Hat advisories and is assigned an X-Force ID of 215587. Remediation ...
CVE-2025-25026
CVE-2025-25026 affects IBM Guardium Data Protection (IBM Guardium Data Protection 12.0; also listed for 12.1 in the bulletin). Root cause: an incorrect authentication check allows an authenticated user to obtain sensitive information (information disclosure). CVSS: 4.3 (Med) with Network attack v...
CVE-2024-49336
IBM Security Guardium is affected by CVE-2024-49336 (SSRF) affecting versions 11.5, 12.0, and 12.1. The vulnerability enables an authenticated attacker to cause the system to issue unauthorized requests, potentially enabling network enumeration or related attacks. IBM’s advisory notes remediation...
CVE-2025-25025
Summary: CVE-2025-25025 affects IBM Guardium Data Protection (notably version 12.0, with 12.1 also listed). The issue is an information-disclosure vulnerability caused by returning a detailed technical error message in the browser, which can enable a remote attacker to obtain sensitive informatio...
CVE-2023-47710
CVE-2023-47710 affects IBM Security Guardium 11.4, 11.5, and 12.0. The flaw is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially changing functionality and leading to credentials disclosure within a trusted session. Root cause stems f...
CVE-2017-1261
CVE-2017-1261 affects IBM Security Guardium. The vulnerability arises from Guardium storing potentially sensitive information in log files, which a local attacker could read. Affected product versions include Guardium 10.0, 10.0.1, 10.1, 10.1.2, and 10.1.3. IBM provides a fix (Remediation/First F...
CVE-2022-43910
CVE-2022-43910 affects IBM Security Guardium 11.3. Local user privilege escalation due to improper permission controls. IBM notes multiple Guardium advisories; exploitation status not specified in the provided documents. Remediation references include updating to newer Guardium versions (11.4/11....
CVE-2025-25029
CVE-2025-25029 affects IBM Guardium Data Protection (12.0 and 12.1). A privileged user could download any file on the system due to improper escaping of input. The IBM bulletin lists fixes for 12.0 (SqlGuard_12.0p40_Bundle) and 12.1 (SqlGuard_12.0p120_Bundle) and recommends updating. Connected so...
CVE-2022-43906
IBM Security Guardium 11.5 is affected by CVE-2022-43906 due to a missing or insecure SameSite attribute on a sensitive cookie, which could disclose sensitive information. The issue has been addressed by IBM; remediation involves updating to a patched release and applying the provided fix guidanc...
CVE-2017-1598
IBM Security Guardium Database Activity Monitor (V10.0–10.1.3) is affected by use of weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Root cause: cryptographic weakness in the product’s crypto implementation. Impact: potential confidentiality b...
CVE-2017-1257
Summary: CVE-2017-1257 concerns an information disclosure in IBM Security Guardium. The vulnerability affects Guardium 10.x (notably 10.0, 10.0.x, 10.1, 10.1.x) where sensitive data can be disclosed to unauthorized users. The root cause is an information exposure weakness in Guardium that could e...
CVE-2017-1269
The CVE-2017-1269 issue affects IBM Security Guardium v10.0, 10.0.1, 10.1, 10.1.2, and 10.1.3. It is a SQL injection vulnerability that could allow a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. The root cause is SQL in...
CVE-2016-0298
IBM Security Guardium Database Activity Monitor v10 prior to 10.0p100 is affected by CVE-2016-0298, a directory traversal vulnerability allowing an authenticated remote user to read arbitrary files via a crafted URL. Root cause: improper handling of URL paths leading to directory traversal. Impac...
CVE-2016-6065
CVE-2016-6065 affects IBM Security Guardium Database Activity Monitor appliances. A local user could inject commands that are executed as root due to an injection flaw in the appliance. Affected products/versions identified by IBM include Guardium Database Activity Monitor v8.2, v9, v9.1, v9.5, a...
CVE-2017-1595
IBM Security Guardium Database Activity Monitor (Guardium) is affected by CVE-2017-1595, a local information disclosure vulnerability. The IBM Security Guardium Database Activity Monitor product family (V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3) could allow a local attacker to obtain highly sensitive i...
CVE-2021-20385
CVE-2021-20385 affects IBM Security Guardium 11.2, where a remote authenticated attacker could execute arbitrary commands via a specially crafted request. The primary sources confirm the vulnerability in Guardium and assign an IBM X-Force ID 195766, with a high impact indication in the CVSS metri...
CVE-2017-1254
CVE-2017-1254 affects IBM Security Guardium: XML External Entity (XXE) processing vulnerability in Guardium 10.x. A remote attacker could exploit XXE to access sensitive data or exhaust memory during XML processing. Root cause: improper handling of external entities in XML parsing. Impact per sou...
CVE-2017-1267
CVE-2017-1267 affects IBM Security Guardium. The IBM security bulletin confirms a vulnerability where Guardium processes patches, image backups and other updates without adequately verifying the origin and integrity of the code. Affected are Guardium versions 9.0, 9.1, 9.5 and 10.0, 10.0.1, 10.1,...
CVE-2017-1271
Summary: CVE-2017-1271 affects IBM Security Guardium and relates to not selecting the strongest mutual algorithm during negotiation. Affected products/versions: Guardium 9.0, 9.1, 9.5 (and 10.0+ up to 10.1.3 per IBM bulletin). Root cause: negotiation allows weaker algorithms (encryption/authentic...
CVE-2017-1253
CVE-2017-1253 affects IBM Security Guardium up to version 10.x, where a remote authenticated attacker could execute arbitrary commands via a specially crafted request due to an OS command injection vulnerability. The IBM Security Guardium bulletin confirms affected releases (including 9.0–9.5 and...
CVE-2017-1264
CVE-2017-1264 is an IBM Security Guardium vulnerability (Improper Authentication) described by IBM as affecting Guardium 9.0, 9.1, 9.5 and 10.0, 10.0.1, 10.1, 10.1.2. The root cause is insufficient verification of a user’s identity, which can allow exposure of resources or functionality to uninte...
CVE-2017-1596
The CVE-2017-1596 entry affects IBM Security Guardium Database Activity Monitor (V10.0 to 10.1.3). It describes a local disclosure vulnerability in which a local attacker could obtain highly sensitive information via unspecified vectors. The IBM security bulletin confirms affected versions: 10.0,...
CVE-2017-1597
CVE-2017-1597 affects IBM Security Guardium Database Activity Monitor versions 10.0–10.5. The root cause is a default weak password policy (no requirement for strong passwords), which can enable account compromise. Official advisories estimate CVSSv3 base score 7.5 (High) with impact on confident...
CVE-2017-1600
IBM Security Guardium Database Activity Monitor is affected by CVE-2017-1600, a cross-site scripting vulnerability in the Web UI. The vulnerability allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Gua...