Lucene search
K
IbmSecurity Guardium Insights

24 matches found

CVE
CVE
added 2020/07/09 7:5 p.m.70 views

CVE-2020-4173

CVE-2020-4173 affects IBM Guardium Activity Insights 10.6 and 11.0. The issue is that authorization tokens and session cookies are missing the secure attribute, allowing cookie values to be captured if a user visits an http link or a site containing one. Impact is exposure of cookies via network ...

4.3CVSS4.1AI score0.00921EPSS
CVE
CVE
added 2020/08/27 12:40 p.m.56 views

CVE-2020-4172

CVE-2020-4172 affects IBM Security Guardium Insights 2.0.1, where sensitive information is stored in URL parameters. The underlying issue is information disclosure if unauthorized parties can access URLs through server logs, referrer headers, or browser history. The public documents confirm this ...

5.3CVSS4.8AI score0.01177EPSS
CVE
CVE
added 2022/01/26 5:40 p.m.56 views

CVE-2021-29845

Summary: CVE-2021-29845 affects IBM Security Guardium Insights 3.0 due to an input validation error. An authenticated user could perform unauthorized actions because the blacklist filtering mechanism is not strict. The issue is documented across multiple feeds (NVD entry and CNVD/CNNVD references...

8.8CVSS8.1AI score0.00766EPSS
CVE
CVE
added 2020/08/27 12:40 p.m.55 views

CVE-2020-4167

Summary: CVE-2020-4167 affects IBM Security Guardium Insights 2.0.1. The vulnerability stems from improper authentication, allowing an attacker to obtain sensitive information or perform unauthorized actions. The IBM bulletin lists 2.0.1 as affected and notes remediation via upgrading to Version ...

6.5CVSS6AI score0.00953EPSS
CVE
CVE
added 2021/01/13 6:10 p.m.55 views

CVE-2020-4595

IBM Security Guardium Insights 2.0.2 is affected by a cryptographic weakness where weaker-than-expected algorithms could allow an attacker to decrypt highly sensitive information. The vulnerability is tied to Guardium Insights 2.0.2 (Vulnerable component: cryptographic implementation) and could e...

7.5CVSS7.1AI score0.00783EPSS
CVE
CVE
added 2022/01/26 5:40 p.m.55 views

CVE-2021-29846

CVE-2021-29846 affects IBM Security Guardium Insights 3.0. The issue is caused by insufficient session expiration, allowing an authenticated user to obtain sensitive information. The conviction is limited to information disclosure under authenticated access; no remote exploit details are provided...

4CVSS3.7AI score0.00603EPSS
CVE
CVE
added 2020/08/27 12:40 p.m.54 views

CVE-2020-4166

CVE-2020-4166 affects IBM Security Guardium Insights 2.0.1 and is described as an information disclosure vulnerability where a detailed error message returned in the browser could leak sensitive information. Affected component is the web UI error handling that reveals data potentially useful for ...

5.3CVSS5.4AI score0.01299EPSS
CVE
CVE
added 2020/08/24 3:30 p.m.53 views

CVE-2020-4165

IBM Security Guardium Insights 2.0.1 is affected by CVE-2020-4165 (clickjacking). A remote attacker could lure a user to a malicious site and hijack the victim’s clicking actions, potentially enabling further attacks. IBM’s bulletin indicates that Guardium Insights has addressed this vulnerabilit...

5.4CVSS5.3AI score0.00637EPSS
CVE
CVE
added 2022/01/26 5:40 p.m.53 views

CVE-2021-29838

CVE-2021-29838 affects IBM Security Guardium Insights 3.0. Root cause: failure to properly enable HTTP Strict Transport Security, enabling information disclosure via man‑in‑the‑middle techniques. Vulnerable component: Guardium Insights 3.0, exposure of sensitive data in transit. Impact as describ...

5.9CVSS5.7AI score0.01283EPSS
CVE
CVE
added 2020/08/27 12:40 p.m.49 views

CVE-2020-4169

CVE-2020-4169 affects IBM Security Guardium Insights 2.0.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Root cause: insufficient cryptographic protection as described in IBM X-Force entry; impact is confidentiality loss. Rem...

7.5CVSS7.2AI score0.00951EPSS
CVE
CVE
added 2020/08/24 3:30 p.m.49 views

CVE-2020-4170

CVE-2020-4170 affects IBM Security Guardium Insights 2.0.1 and is a Cross-Site Request Forgery vulnerability. The IBM Security bulletin confirms the issue and notes a remediation/fix for Guardium Insights 2.0.1 with a first fix available via IBM Passport Advantage, indicating an addressed vulnera...

4.3CVSS4.7AI score0.00403EPSS
CVE
CVE
added 2021/01/13 6:10 p.m.48 views

CVE-2020-4597

CVE-2020-4597 affects IBM Security Guardium Insights 2.0.2. The issue is that authorization tokens and session cookies are not marked Secure, allowing cookie exposure via http links or malicious sites and potential traffic snooping. Impact is limited to exposed cookies; no exploit details are pro...

4.3CVSS4.7AI score0.00623EPSS
CVE
CVE
added 2020/08/27 12:40 p.m.46 views

CVE-2020-4174

IBM Security Guardium Insights 2.0.1 is affected by CVE-2020-4174, where weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The NVD entry and IBM bulletin confirm the affected product/version and that the issue involves cryptographic wea...

7.5CVSS7.2AI score0.00951EPSS
CVE
CVE
added 2021/01/13 6:10 p.m.46 views

CVE-2020-4596

CVE-2020-4596 affects IBM Security Guardium Insights 2.0.2. The description from NVD indicates the vulnerability arises from weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Connected records corroborate the impact on this produ...

7.5CVSS7.1AI score0.00783EPSS
CVE
CVE
added 2021/01/13 6:10 p.m.46 views

CVE-2020-4600

Summary: CVE-2020-4600 affects IBM Security Guardium Insights 2.0.2. A remote attacker could obtain sensitive information from detailed technical error messages returned in the browser, enabling further attacks. The vulnerability is described in multiple sources as an information-disclosure issue...

5.3CVSS5.4AI score0.01284EPSS
CVE
CVE
added 2021/01/13 6:10 p.m.45 views

CVE-2020-4594

IBM Security Guardium Insights 2.0.2 is affected by CVE-2020-4594, which describes the use of weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The vulnerability is associated with Guardium Insights 2.0.2 and is reflected in multip...

7.5CVSS7.1AI score0.00783EPSS
CVE
CVE
added 2020/08/27 12:40 p.m.44 views

CVE-2020-4603

CVE-2020-4603 affects IBM Security Guardium Insights 2.0.1, where an operation is performed at a privilege level higher than the minimum required, potentially amplifying other weaknesses (IBM X-Force ID 184880). The IBM bulletin for Guardium Insights lists this among multiple vulnerabilities and ...

7.2CVSS6.8AI score0.00815EPSS
CVE
CVE
added 2020/08/27 12:40 p.m.43 views

CVE-2020-4171

IBM Security Guardium Insights 2.0.1 contains a local storage Information Disclosure vulnerability where web pages can be stored locally and read by other users on the same system. This is described in CVE-2020-4171 and is supported by vendor references (IBM Security Guardium Insights 2.0.1). Imp...

4.3CVSS3.9AI score0.01003EPSS
CVE
CVE
added 2020/08/24 3:30 p.m.43 views

CVE-2020-4598

CVE-2020-4598 affects IBM Security Guardium Insights 2.0.1. The vulnerability is an open redirect that could be exploited by a remote attacker to spoof the displayed URL and redirect victims to a malicious site, enabling phishing and potentially exposing sensitive information. Root cause: open re...

6.5CVSS5.8AI score0.00784EPSS
CVE
CVE
added 2020/08/27 12:40 p.m.42 views

CVE-2020-4175

Summary: CVE-2020-4175 affects IBM Security Guardium Insights 2.0.1 (and related 2.0 releases). The root cause is failure to properly enable HTTP Strict Transport Security, which could allow a remote attacker to obtain sensitive information via man-in-the-middle techniques. Impact: data disclosur...

5.9CVSS5.3AI score0.01605EPSS
CVE
CVE
added 2021/01/13 6:10 p.m.42 views

CVE-2020-4602

CVE-2020-4602 concerns IBM Security Guardium Insights 2.0.2, where a vulnerability arises from storing user credentials in clear text, allowing read access by a local user. The connected documents corroborate an information-disclosure risk tied to plaintext credential storage for Guardium Insight...

4.4CVSS5AI score0.00302EPSS
CVE
CVE
added 2021/01/13 6:10 p.m.41 views

CVE-2020-4599

CVE-2020-4599 affects IBM Security Guardium Insights 2.0.2. The vulnerability is an information disclosure via detailed technical error messages returned in the browser, enabling a remote attacker to obtain sensitive information that could aid further attacks. Affected product/version: IBM Securi...

5.3CVSS5.4AI score0.01284EPSS
CVE
CVE
added 2021/01/13 6:10 p.m.40 views

CVE-2020-4604

Summary: CVE-2020-4604 affects IBM Security Guardium Insights 2.0.2, where user credentials are stored in plaintext and readable by a local privileged user, constituting an information disclosure vulnerability. Affected product: IBM Security Guardium Insights 2.0.2. Root cause / what is vulnerabl...

4.4CVSS4.9AI score0.00192EPSS
CVE
CVE
added 2020/08/24 3:30 p.m.37 views

CVE-2020-4593

IBM Security Guardium Insights 2.0.1 stores user credentials in plain text readable by a local user, exposing confidential data. Root cause: improper credential storage. Impact: confidentiality impact is high (local access, no user interaction). The IBM bulletin notes the vulnerability has been a...

4.4CVSS4.3AI score0.00306EPSS