24 matches found
CVE-2020-4173
CVE-2020-4173 affects IBM Guardium Activity Insights 10.6 and 11.0. The issue is that authorization tokens and session cookies are missing the secure attribute, allowing cookie values to be captured if a user visits an http link or a site containing one. Impact is exposure of cookies via network ...
CVE-2020-4172
CVE-2020-4172 affects IBM Security Guardium Insights 2.0.1, where sensitive information is stored in URL parameters. The underlying issue is information disclosure if unauthorized parties can access URLs through server logs, referrer headers, or browser history. The public documents confirm this ...
CVE-2021-29845
Summary: CVE-2021-29845 affects IBM Security Guardium Insights 3.0 due to an input validation error. An authenticated user could perform unauthorized actions because the blacklist filtering mechanism is not strict. The issue is documented across multiple feeds (NVD entry and CNVD/CNNVD references...
CVE-2020-4167
Summary: CVE-2020-4167 affects IBM Security Guardium Insights 2.0.1. The vulnerability stems from improper authentication, allowing an attacker to obtain sensitive information or perform unauthorized actions. The IBM bulletin lists 2.0.1 as affected and notes remediation via upgrading to Version ...
CVE-2020-4595
IBM Security Guardium Insights 2.0.2 is affected by a cryptographic weakness where weaker-than-expected algorithms could allow an attacker to decrypt highly sensitive information. The vulnerability is tied to Guardium Insights 2.0.2 (Vulnerable component: cryptographic implementation) and could e...
CVE-2021-29846
CVE-2021-29846 affects IBM Security Guardium Insights 3.0. The issue is caused by insufficient session expiration, allowing an authenticated user to obtain sensitive information. The conviction is limited to information disclosure under authenticated access; no remote exploit details are provided...
CVE-2020-4166
CVE-2020-4166 affects IBM Security Guardium Insights 2.0.1 and is described as an information disclosure vulnerability where a detailed error message returned in the browser could leak sensitive information. Affected component is the web UI error handling that reveals data potentially useful for ...
CVE-2020-4165
IBM Security Guardium Insights 2.0.1 is affected by CVE-2020-4165 (clickjacking). A remote attacker could lure a user to a malicious site and hijack the victim’s clicking actions, potentially enabling further attacks. IBM’s bulletin indicates that Guardium Insights has addressed this vulnerabilit...
CVE-2021-29838
CVE-2021-29838 affects IBM Security Guardium Insights 3.0. Root cause: failure to properly enable HTTP Strict Transport Security, enabling information disclosure via man‑in‑the‑middle techniques. Vulnerable component: Guardium Insights 3.0, exposure of sensitive data in transit. Impact as describ...
CVE-2020-4169
CVE-2020-4169 affects IBM Security Guardium Insights 2.0.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Root cause: insufficient cryptographic protection as described in IBM X-Force entry; impact is confidentiality loss. Rem...
CVE-2020-4170
CVE-2020-4170 affects IBM Security Guardium Insights 2.0.1 and is a Cross-Site Request Forgery vulnerability. The IBM Security bulletin confirms the issue and notes a remediation/fix for Guardium Insights 2.0.1 with a first fix available via IBM Passport Advantage, indicating an addressed vulnera...
CVE-2020-4597
CVE-2020-4597 affects IBM Security Guardium Insights 2.0.2. The issue is that authorization tokens and session cookies are not marked Secure, allowing cookie exposure via http links or malicious sites and potential traffic snooping. Impact is limited to exposed cookies; no exploit details are pro...
CVE-2020-4174
IBM Security Guardium Insights 2.0.1 is affected by CVE-2020-4174, where weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The NVD entry and IBM bulletin confirm the affected product/version and that the issue involves cryptographic wea...
CVE-2020-4596
CVE-2020-4596 affects IBM Security Guardium Insights 2.0.2. The description from NVD indicates the vulnerability arises from weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Connected records corroborate the impact on this produ...
CVE-2020-4600
Summary: CVE-2020-4600 affects IBM Security Guardium Insights 2.0.2. A remote attacker could obtain sensitive information from detailed technical error messages returned in the browser, enabling further attacks. The vulnerability is described in multiple sources as an information-disclosure issue...
CVE-2020-4594
IBM Security Guardium Insights 2.0.2 is affected by CVE-2020-4594, which describes the use of weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The vulnerability is associated with Guardium Insights 2.0.2 and is reflected in multip...
CVE-2020-4603
CVE-2020-4603 affects IBM Security Guardium Insights 2.0.1, where an operation is performed at a privilege level higher than the minimum required, potentially amplifying other weaknesses (IBM X-Force ID 184880). The IBM bulletin for Guardium Insights lists this among multiple vulnerabilities and ...
CVE-2020-4171
IBM Security Guardium Insights 2.0.1 contains a local storage Information Disclosure vulnerability where web pages can be stored locally and read by other users on the same system. This is described in CVE-2020-4171 and is supported by vendor references (IBM Security Guardium Insights 2.0.1). Imp...
CVE-2020-4598
CVE-2020-4598 affects IBM Security Guardium Insights 2.0.1. The vulnerability is an open redirect that could be exploited by a remote attacker to spoof the displayed URL and redirect victims to a malicious site, enabling phishing and potentially exposing sensitive information. Root cause: open re...
CVE-2020-4175
Summary: CVE-2020-4175 affects IBM Security Guardium Insights 2.0.1 (and related 2.0 releases). The root cause is failure to properly enable HTTP Strict Transport Security, which could allow a remote attacker to obtain sensitive information via man-in-the-middle techniques. Impact: data disclosur...
CVE-2020-4602
CVE-2020-4602 concerns IBM Security Guardium Insights 2.0.2, where a vulnerability arises from storing user credentials in clear text, allowing read access by a local user. The connected documents corroborate an information-disclosure risk tied to plaintext credential storage for Guardium Insight...
CVE-2020-4599
CVE-2020-4599 affects IBM Security Guardium Insights 2.0.2. The vulnerability is an information disclosure via detailed technical error messages returned in the browser, enabling a remote attacker to obtain sensitive information that could aid further attacks. Affected product/version: IBM Securi...
CVE-2020-4604
Summary: CVE-2020-4604 affects IBM Security Guardium Insights 2.0.2, where user credentials are stored in plaintext and readable by a local privileged user, constituting an information disclosure vulnerability. Affected product: IBM Security Guardium Insights 2.0.2. Root cause / what is vulnerabl...
CVE-2020-4593
IBM Security Guardium Insights 2.0.1 stores user credentials in plain text readable by a local user, exposing confidential data. Root cause: improper credential storage. Impact: confidentiality impact is high (local access, no user interaction). The IBM bulletin notes the vulnerability has been a...