Lucene search
K
IbmSecurity Guardium Big Data Intelligence

22 matches found

CVE
CVE
added 2019/10/28 11:36 p.m.77 views

CVE-2019-4311

CVE-2019-4311 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The vulnerability is an information-disclosure flaw that allows unauthorized users to access sensitive information, potentially enabling further attacks. The vulnerability is documented with CVSS v3.1 base score 5.3 (...

5.3CVSS4.8AI score0.01245EPSS
CVE
CVE
added 2019/10/28 11:36 p.m.74 views

CVE-2019-4330

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 is affected by CVE-2019-4330: cookies in HTTPS sessions may lack the Secure attribute, potentially allowing cookies to be sent in plaintext over HTTP. Affected product/version: SonarG 4.0. Root cause: missing secure attribute on cookies. Im...

4.3CVSS4.3AI score0.01116EPSS
CVE
CVE
added 2019/10/28 11:36 p.m.73 views

CVE-2019-4329

CVE-2019-4329 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The issue arises from incomplete blacklisting in input validation, enabling bypass of application controls and potential impact to system integrity. Public sources (IBM advisory) confirm affected version 4.0 and provi...

4.3CVSS4.5AI score0.00897EPSS
CVE
CVE
added 2019/10/28 11:36 p.m.72 views

CVE-2019-4309

CVE-2019-4309 affects IBM Security Guardium Big Data Intelligence (SonarG) v4.0 and is caused by hard-coded credentials, enabling a local user to obtain highly sensitive information. The vulnerability is documented in IBM advisories and CVSS scores range from 5.5 (3.1) / 5.9 (3.0)MEDIUM, with loc...

5.9CVSS5.1AI score0.00279EPSS
CVE
CVE
added 2019/10/28 11:36 p.m.71 views

CVE-2019-4339

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 is affected by CVE-2019-4339 due to use of weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The vendor bulletin lists 4.0 as affected and provides a remediation: upgrade to the 4.1.0 inst...

7.5CVSS7.2AI score0.00976EPSS
CVE
CVE
added 2019/10/28 11:36 p.m.69 views

CVE-2019-4307

CVE-2019-4307 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The vulnerability arises from storing user credentials in plaintext, which can be read by a local user, leading to local information disclosure. Connected sources corroborate the affected product/version and the plain...

5.5CVSS5AI score0.00279EPSS
CVE
CVE
added 2019/10/28 11:36 p.m.68 views

CVE-2019-4306

CVE-2019-4306 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The vulnerability arises from permissions configured on a security-critical resource, enabling exposure of sensitive information and potential modification by unintended parties (impacting confidentiality and integrit...

6.5CVSS6.1AI score0.01023EPSS
CVE
CVE
added 2019/10/28 11:36 p.m.68 views

CVE-2019-4314

CVE-2019-4314 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0, where sensitive data is stored in cleartext within a resource that may be accessible across control spheres, enabling information disclosure. The NVD entry lists CVSSv3 base score 7.5 (HIGH) with network attack vector...

7.5CVSS7AI score0.00976EPSS
CVE
CVE
added 2018/02/27 5:0 p.m.53 views

CVE-2018-1372

CVE-2018-1372 affects IBM Security Guardium Big Data Intelligence (SonarG) 3.1. The vulnerability arises from a default weak password policy, permitting account compromise without strong passwords by default. IBM’s advisory references a remediation to version 3.2, indicating an updated password p...

9.8CVSS8.9AI score0.02197EPSS
CVE
CVE
added 2019/08/20 7:30 p.m.49 views

CVE-2019-4338

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is affected by CVE-2019-4338 due to improper restriction of resource size/amount requested or influenced by an actor, enabling resource consumption and potential denial of service. Affected component: Guardium Big Data Intelligence 4.0 (Son...

7.5CVSS7.2AI score0.01726EPSS
CVE
CVE
added 2019/08/20 7:30 p.m.46 views

CVE-2019-4340

CVE-2019-4340 affects IBM Security Guardium Big Data Intelligence (SonarG) v4.0. It is an XML External Entity (XXE) vulnerability in XML processing that can allow a remote attacker to disclose sensitive data or exhaust memory resources. Affected product/version: Guardium Big Data Intelligence 4.0...

8.2CVSS8AI score0.02427EPSS
CVE
CVE
added 2018/02/26 2:0 p.m.44 views

CVE-2017-1774

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is affected by an information disclosure vulnerability (CVE-2017-1774). The IBM bulletin confirms that the product version 3.1 discloses sensitive information to unauthorized users, enabling potential follow‑on attacks. CVSS v3 base score 5...

5.3CVSS4.8AI score0.01702EPSS
CVE
CVE
added 2018/03/02 5:0 p.m.43 views

CVE-2018-1373

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is affected by an Invalid Account Lockout vulnerability (CVE-2018-1373). The issue arises from an inadequate account lockout setting, enabling a remote attacker to brute-force credentials. IBM’s bulletin lists the affected product as SonarG...

9.8CVSS8.8AI score0.031EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.43 views

CVE-2019-4310

CVE-2019-4310 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The issue is an inadequate account lockout setting that could allow a remote attacker to brute-force credentials over the network. Components/versions explicitly named: Guardium Big Data Intelligence 4.0 (SonarG). Imp...

7.5CVSS7.2AI score0.02204EPSS
CVE
CVE
added 2018/05/29 1:0 p.m.42 views

CVE-2017-1768

CVE-2017-1768 affects IBM Security Guardium Big Data Intelligence (SonarG) version 3.1 . The issue is an application error that generates messages including sensitive information about the environment, users, or data, leading to partial confidentiality impact (CVSS 3.0/4.3). The IBM bulletin list...

4.3CVSS4.3AI score0.01378EPSS
CVE
CVE
added 2018/05/29 1:0 p.m.42 views

CVE-2018-1369

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 contains a vulnerability where sensitive information is stored in URL parameters, enabling potential information disclosure via server logs, referrer headers, or browser history. The issue affects SonarG 3.1 and is documented as CVE-2018-13...

4.3CVSS3.8AI score0.01065EPSS
CVE
CVE
added 2018/05/29 1:0 p.m.42 views

CVE-2018-1370

CVE-2018-1370 affects IBM Security Guardium Big Data Intelligence (SonarG) 3.1. The flaw is an incorrect permission assignment for a security-critical resource, allowing read/modify by unintended actors. The IBM bulletin lists a CVSS v3 base score of 4.2 and notes remediation is to upgrade to an ...

6.5CVSS5.1AI score0.00617EPSS
CVE
CVE
added 2018/05/29 1:0 p.m.40 views

CVE-2018-1376

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting in the Web UI, potentially allowing an attacker to embed arbitrary JavaScript and lead to credentials disclosure within a trusted session. The CVE is identified as CVE-2018-1376 with a CVSS v3 base scor...

6.1CVSS5.8AI score0.00894EPSS
CVE
CVE
added 2018/05/29 1:0 p.m.39 views

CVE-2018-1375

CVE-2018-1375 affects IBM Security Guardium Big Data Intelligence (SonarG) 3.1. The issue is that a session variable is not renewed after successful authentication, which could enable session fixation/hijacking by forcing a user to use a cookie potentially known to an attacker (IBM X-Force ID: 13...

7.5CVSS7.3AI score0.02032EPSS
CVE
CVE
added 2018/02/27 5:0 p.m.39 views

CVE-2018-1425

CVE-2018-1425 affects IBM Security Guardium Big Data Intelligence (SonarG) 3.1, which uses weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The IBM Security Guardium Big Data Intelligence (SonarG) product is listed as affected wit...

5.9CVSS5.5AI score0.01115EPSS
CVE
CVE
added 2020/10/16 4:40 p.m.37 views

CVE-2020-4254

IBM Security Guardium Big Data Intelligence (SonarG) 1.0 is affected by CVE-2020-4254 due to weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The IBM Security Guardium Big Data Intelligence product was specifically affected (versi...

7.5CVSS7.2AI score0.00792EPSS
CVE
CVE
added 2018/02/26 2:0 p.m.36 views

CVE-2018-1377

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plaintext, exposing them to a local attacker (CVE-2018-1377). CVSSv3 base score 7.8 (HIGH) with local access and impact to confidentiality, integrity, and availability. IBM’s remediation is in version 3.2 ; upgrad...

7.8CVSS7AI score0.00326EPSS