Vulnerabilities > IBM > Security Guardium BIG Data Intelligence > High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-16	CVE-2020-4254	Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium BIG Data Intelligence 1.0 IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. network low complexity ibm CWE-327	7.5
2019-10-29	CVE-2019-4339	Inadequate Encryption Strength vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. network low complexity ibm CWE-326	7.5
2019-10-29	CVE-2019-4314	Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. network low complexity ibm CWE-312	7.5
2019-08-20	CVE-2019-4340	XXE vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. network low complexity ibm CWE-611	8.2
2019-08-20	CVE-2019-4338	Allocation of Resources Without Limits or Throttling vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. network low complexity ibm CWE-770	7.5
2019-08-20	CVE-2019-4310	Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. network low complexity ibm CWE-307	7.5
2018-05-29	CVE-2018-1375	Session Fixation vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. network low complexity ibm CWE-384	7.5
2018-02-26	CVE-2018-1377	Insufficiently Protected Credentials vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user. local low complexity ibm CWE-522	7.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.