Security Guardium
by IBM
CVEs (137)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-39077 | 0.00 | — | 0.00 | Nov 3, 2022 | IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. |
| CVE-2021-39074 | 0.00 | — | 0.01 | Jun 29, 2022 | IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| CVE-2021-39078 | 0.00 | — | 0.00 | Apr 19, 2022 | IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589. |
| CVE-2021-39076 | 0.00 | — | 0.01 | Apr 19, 2022 | IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585. |
| CVE-2021-39072 | 0.00 | — | 0.01 | Apr 19, 2022 | IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM… |
| CVE-2021-29846 | 0.00 | — | 0.01 | Jan 26, 2022 | IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. |
| CVE-2021-29845 | 0.00 | — | 0.01 | Jan 26, 2022 | IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255. |
| CVE-2021-29838 | 0.00 | — | 0.01 | Jan 26, 2022 | IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… |
| CVE-2021-29735 | 0.00 | — | 0.00 | Nov 8, 2021 | IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a… |
| CVE-2021-20377 | 0.00 | — | 0.01 | Sep 23, 2021 | IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. |
| CVE-2020-4690 | 0.00 | — | 0.01 | Sep 23, 2021 | IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697. |
| CVE-2021-29773 | 0.00 | — | 0.01 | Sep 15, 2021 | IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865. |
| CVE-2021-20433 | 0.00 | — | 0.01 | Sep 15, 2021 | IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. |
| CVE-2021-20427 | 0.00 | — | 0.01 | Aug 11, 2021 | IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. |
| CVE-2021-20420 | 0.00 | — | 0.01 | Aug 11, 2021 | IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281. |
| CVE-2021-20418 | 0.00 | — | 0.01 | Aug 11, 2021 | IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279. |
| CVE-2021-20557 | 0.00 | — | 0.03 | May 24, 2021 | IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184. |
| CVE-2021-20428 | 0.00 | — | 0.01 | May 24, 2021 | IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315. |
| CVE-2021-20426 | 0.00 | — | 0.01 | May 24, 2021 | IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313. |
| CVE-2021-20419 | 0.00 | — | 0.01 | May 24, 2021 | IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280. |
Page 4 of 7