Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-26 | CVE-2019-4701 | Information Exposure vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. | 5.0 |
| 2020-08-26 | CVE-2019-4699 | Information Exposure Through an Error Message vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. | 4.0 |
| 2020-08-26 | CVE-2019-4698 | Weak Password Requirements vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.0 |
| 2020-08-26 | CVE-2019-4697 | Insufficiently Protected Credentials vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. | 4.0 |
| 2020-08-26 | CVE-2019-4692 | Information Exposure vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. | 5.0 |
| 2020-08-26 | CVE-2019-4689 | Information Exposure vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.0 |
| 2020-08-26 | CVE-2019-4688 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-08-26 | CVE-2019-4686 | Information Exposure vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. | 5.0 |
| 2020-08-26 | CVE-2018-1501 | Missing Authentication for Critical Function vulnerability in IBM Security Guardium 10.5/10.6/11.0 IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. | 5.0 |
| 2020-08-24 | CVE-2020-4598 | Open Redirect vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |