Vulnerabilities > IBM > Security Guardium Insights > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2021-29838 | Information Exposure vulnerability in IBM Security Guardium Insights 3.0.0 IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2021-01-13 | CVE-2020-4604 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. | 4.4 |
| 2021-01-13 | CVE-2020-4602 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. | 4.4 |
| 2021-01-13 | CVE-2020-4600 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-01-13 | CVE-2020-4599 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-01-13 | CVE-2020-4597 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.2 IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-08-27 | CVE-2020-4175 | Missing Authorization vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2020-08-27 | CVE-2020-4172 | Information Exposure vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. | 5.3 |
| 2020-08-27 | CVE-2020-4171 | Insecure Storage of Sensitive Information vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. | 4.3 |
| 2020-08-27 | CVE-2020-4167 | Improper Authentication vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. | 6.5 |