Security Guardium@10.0.1 Security Vulnerabilities and Issues — Security Guardium@10.0.1 CVE List

Lucene search

IbmSecurity Guardium10.0.1

19 matches found

CVE•added 2017/12/20 6:29 p.m.•50 views

CVE-2017-1262

IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web ...

6.1CVSS6.1AI score0.0032EPSS

CVE•added 2017/12/20 6:29 p.m.•49 views

CVE-2017-1598

IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.

7.5CVSS7.2AI score0.00122EPSS

CVE•added 2017/12/20 6:29 p.m.•47 views

CVE-2017-1261

IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.

3.3CVSS3.4AI score0.00047EPSS

CVE•added 2017/02/01 8:59 p.m.•46 views

CVE-2016-6065

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

7.8CVSS7.4AI score0.00076EPSS

CVE•added 2017/07/05 6:29 p.m.•44 views

CVE-2017-1254

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634.

7.1CVSS6.8AI score0.00465EPSS

CVE•added 2017/12/20 6:29 p.m.•44 views

CVE-2017-1595

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.

5.5CVSS4.9AI score0.00053EPSS

CVE•added 2017/07/21 8:29 p.m.•43 views

CVE-2017-1267

IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.

7.5CVSS7.3AI score0.0078EPSS

CVE•added 2017/07/05 1:29 p.m.•43 views

CVE-2017-1269

IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744

9.8CVSS9.4AI score0.00675EPSS

CVE•added 2017/12/20 6:29 p.m.•43 views

CVE-2017-1596

IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.

5.5CVSS4.9AI score0.00053EPSS

CVE•added 2017/07/05 6:29 p.m.•42 views

CVE-2017-1253

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.

9.9CVSS9.1AI score0.01355EPSS

CVE•added 2017/12/20 6:29 p.m.•42 views

CVE-2017-1257

IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.

4.3CVSS4.4AI score0.0023EPSS

CVE•added 2017/12/20 6:29 p.m.•42 views

CVE-2017-1600

IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...

5.4CVSS5.2AI score0.00227EPSS

CVE•added 2017/04/20 9:59 p.m.•41 views

CVE-2017-1122

IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.

7.4CVSS7.2AI score0.00049EPSS

CVE•added 2017/07/05 1:29 p.m.•41 views

CVE-2017-1256

IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678

6.1CVSS5.8AI score0.0032EPSS

CVE•added 2017/12/20 6:29 p.m.•41 views

CVE-2017-1266

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.

5.5CVSS5.1AI score0.00086EPSS

CVE•added 2017/12/20 6:29 p.m.•41 views

CVE-2017-1757

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.

8.8CVSS8.6AI score0.01075EPSS

CVE•added 2017/07/05 6:29 p.m.•39 views

CVE-2017-1264

IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.

7.5CVSS7.2AI score0.00253EPSS

CVE•added 2017/12/20 6:29 p.m.•38 views

CVE-2017-1270

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.

3.3CVSS3.9AI score0.00053EPSS

CVE•added 2017/07/05 1:29 p.m.•35 views

CVE-2017-1258

IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685

6.5CVSS6.5AI score0.00178EPSS