Vulnerabilities > IBM > Guardium Data Encryption > 3.0.0.2

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2019-4694 Use of Hard-coded Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
7.5
7.5
2020-08-26 CVE-2019-4693 Insufficiently Protected Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user.
local
low complexity
ibm CWE-522
2.1
2.1
2020-08-26 CVE-2019-4692 Information Exposure vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.0
5.0
2020-08-26 CVE-2019-4689 Information Exposure vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
low complexity
ibm CWE-200
5.0
5.0
2020-08-26 CVE-2019-4686 Information Exposure vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-200
5.0
5.0