22 matches found
CVE-2019-4311
CVE-2019-4311 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The vulnerability is an information-disclosure flaw that allows unauthorized users to access sensitive information, potentially enabling further attacks. The vulnerability is documented with CVSS v3.1 base score 5.3 (...
CVE-2019-4330
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 is affected by CVE-2019-4330: cookies in HTTPS sessions may lack the Secure attribute, potentially allowing cookies to be sent in plaintext over HTTP. Affected product/version: SonarG 4.0. Root cause: missing secure attribute on cookies. Im...
CVE-2019-4329
CVE-2019-4329 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The issue arises from incomplete blacklisting in input validation, enabling bypass of application controls and potential impact to system integrity. Public sources (IBM advisory) confirm affected version 4.0 and provi...
CVE-2019-4309
CVE-2019-4309 affects IBM Security Guardium Big Data Intelligence (SonarG) v4.0 and is caused by hard-coded credentials, enabling a local user to obtain highly sensitive information. The vulnerability is documented in IBM advisories and CVSS scores range from 5.5 (3.1) / 5.9 (3.0)MEDIUM, with loc...
CVE-2019-4339
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 is affected by CVE-2019-4339 due to use of weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The vendor bulletin lists 4.0 as affected and provides a remediation: upgrade to the 4.1.0 inst...
CVE-2019-4307
CVE-2019-4307 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The vulnerability arises from storing user credentials in plaintext, which can be read by a local user, leading to local information disclosure. Connected sources corroborate the affected product/version and the plain...
CVE-2019-4306
CVE-2019-4306 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The vulnerability arises from permissions configured on a security-critical resource, enabling exposure of sensitive information and potential modification by unintended parties (impacting confidentiality and integrit...
CVE-2019-4314
CVE-2019-4314 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0, where sensitive data is stored in cleartext within a resource that may be accessible across control spheres, enabling information disclosure. The NVD entry lists CVSSv3 base score 7.5 (HIGH) with network attack vector...
CVE-2018-1372
CVE-2018-1372 affects IBM Security Guardium Big Data Intelligence (SonarG) 3.1. The vulnerability arises from a default weak password policy, permitting account compromise without strong passwords by default. IBM’s advisory references a remediation to version 3.2, indicating an updated password p...
CVE-2019-4338
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is affected by CVE-2019-4338 due to improper restriction of resource size/amount requested or influenced by an actor, enabling resource consumption and potential denial of service. Affected component: Guardium Big Data Intelligence 4.0 (Son...
CVE-2019-4340
CVE-2019-4340 affects IBM Security Guardium Big Data Intelligence (SonarG) v4.0. It is an XML External Entity (XXE) vulnerability in XML processing that can allow a remote attacker to disclose sensitive data or exhaust memory resources. Affected product/version: Guardium Big Data Intelligence 4.0...
CVE-2017-1774
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is affected by an information disclosure vulnerability (CVE-2017-1774). The IBM bulletin confirms that the product version 3.1 discloses sensitive information to unauthorized users, enabling potential follow‑on attacks. CVSS v3 base score 5...
CVE-2018-1373
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is affected by an Invalid Account Lockout vulnerability (CVE-2018-1373). The issue arises from an inadequate account lockout setting, enabling a remote attacker to brute-force credentials. IBM’s bulletin lists the affected product as SonarG...
CVE-2019-4310
CVE-2019-4310 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The issue is an inadequate account lockout setting that could allow a remote attacker to brute-force credentials over the network. Components/versions explicitly named: Guardium Big Data Intelligence 4.0 (SonarG). Imp...
CVE-2017-1768
CVE-2017-1768 affects IBM Security Guardium Big Data Intelligence (SonarG) version 3.1 . The issue is an application error that generates messages including sensitive information about the environment, users, or data, leading to partial confidentiality impact (CVSS 3.0/4.3). The IBM bulletin list...
CVE-2018-1369
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 contains a vulnerability where sensitive information is stored in URL parameters, enabling potential information disclosure via server logs, referrer headers, or browser history. The issue affects SonarG 3.1 and is documented as CVE-2018-13...
CVE-2018-1370
CVE-2018-1370 affects IBM Security Guardium Big Data Intelligence (SonarG) 3.1. The flaw is an incorrect permission assignment for a security-critical resource, allowing read/modify by unintended actors. The IBM bulletin lists a CVSS v3 base score of 4.2 and notes remediation is to upgrade to an ...
CVE-2018-1376
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting in the Web UI, potentially allowing an attacker to embed arbitrary JavaScript and lead to credentials disclosure within a trusted session. The CVE is identified as CVE-2018-1376 with a CVSS v3 base scor...
CVE-2018-1375
CVE-2018-1375 affects IBM Security Guardium Big Data Intelligence (SonarG) 3.1. The issue is that a session variable is not renewed after successful authentication, which could enable session fixation/hijacking by forcing a user to use a cookie potentially known to an attacker (IBM X-Force ID: 13...
CVE-2018-1425
CVE-2018-1425 affects IBM Security Guardium Big Data Intelligence (SonarG) 3.1, which uses weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The IBM Security Guardium Big Data Intelligence (SonarG) product is listed as affected wit...
CVE-2020-4254
IBM Security Guardium Big Data Intelligence (SonarG) 1.0 is affected by CVE-2020-4254 due to weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The IBM Security Guardium Big Data Intelligence product was specifically affected (versi...
CVE-2018-1377
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plaintext, exposing them to a local attacker (CVE-2018-1377). CVSSv3 base score 7.8 (HIGH) with local access and impact to confidentiality, integrity, and availability. IBM’s remediation is in version 3.2 ; upgrad...