Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2019-4697 Insufficiently Protected Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-522
6.5
6.5
2020-08-26 CVE-2019-4693 Insufficiently Protected Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user.
local
low complexity
ibm CWE-522
4.4
4.4
2020-08-26 CVE-2019-4692 Unspecified vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users.
network
low complexity
ibm
5.3
5.3
2020-08-26 CVE-2019-4691 Cross-site Scripting vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-08-26 CVE-2019-4688 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-565
4.3
4.3
2020-08-26 CVE-2019-4686 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
5.3
5.3
2020-08-24 CVE-2020-4598 Open Redirect vulnerability in IBM Security Guardium Insights 2.0.1
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
6.1
2020-08-24 CVE-2020-4593 Insufficiently Protected Credentials vulnerability in IBM Security Guardium Insights 2.0.1
IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
4.4
4.4
2020-08-24 CVE-2020-4383 Unspecified vulnerability in IBM Elastic Storage Server
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services.
network
low complexity
ibm
6.5
6.5
2020-08-24 CVE-2020-4382 Unspecified vulnerability in IBM Elastic Storage Server
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services.
local
low complexity
ibm
5.5
5.5