Vulnerabilities > IBM > Guardium FOR Cloud KEY Management > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2019-4701 Unspecified vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points.
network
low complexity
ibm
5.3
2020-08-26 CVE-2019-4697 Insufficiently Protected Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-522
6.5
2020-08-26 CVE-2019-4693 Insufficiently Protected Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user.
local
low complexity
ibm CWE-522
4.4
2020-08-26 CVE-2019-4692 Unspecified vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users.
network
low complexity
ibm
5.3
2020-08-26 CVE-2019-4691 Cross-site Scripting vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-08-26 CVE-2019-4688 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-565
4.3
2020-08-26 CVE-2019-4686 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
5.3