Vulnerabilities > IBM > Guardium FOR Cloud KEY Management

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2019-4713 Unspecified vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm
8.8
2020-08-26 CVE-2019-4701 Unspecified vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points.
network
low complexity
ibm
5.3
2020-08-26 CVE-2019-4699 Information Exposure Through an Error Message vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-209
2.7
2020-08-26 CVE-2019-4698 Weak Password Requirements vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2020-08-26 CVE-2019-4697 Insufficiently Protected Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-522
6.5
2020-08-26 CVE-2019-4694 Use of Hard-coded Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
9.8
2020-08-26 CVE-2019-4693 Insufficiently Protected Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user.
local
low complexity
ibm CWE-522
4.4
2020-08-26 CVE-2019-4692 Unspecified vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users.
network
low complexity
ibm
5.3
2020-08-26 CVE-2019-4691 Cross-site Scripting vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-08-26 CVE-2019-4689 Cleartext Transmission of Sensitive Information vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
low complexity
ibm CWE-319
7.5