CVE-2018-1369
Description
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters, leading to information disclosure via server logs, referrer headers, or browser history.
Vulnerability
IBM Security Guardium Big Data Intelligence (SonarG) versions 3.1 and earlier store sensitive information in URL parameters. This allows unauthorized parties to access this data if they have access to the URLs via server logs, referrer headers, or browser history [1].
Exploitation
An attacker with access to server logs, referrer headers, or browser history can view the sensitive information included in URLs. The attack requires no authentication (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) and can be performed remotely [1].
Impact
Successful exploitation leads to disclosure of sensitive information that was stored in URL parameters. The confidentiality impact is low, with no integrity or availability impact [1].
Mitigation
IBM has addressed this vulnerability in a security fix. Organizations should apply the fix as specified in the IBM advisory [1]. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 3.1
- IBM/Security Guardium Big Data Intelligencev5Range: 3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
- exchange.xforce.ibmcloud.com/vulnerabilities/137767mitrevdb-entryx_refsource_XF
News mentions
0No linked articles in our index yet.