Vulnerabilities > IBM > Security Guardium Insights > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-27 | CVE-2020-4166 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2020-08-24 | CVE-2020-4598 | Open Redirect vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2020-08-24 | CVE-2020-4593 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. | 4.4 |
| 2020-08-24 | CVE-2020-4170 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2020-08-24 | CVE-2020-4165 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Guardium Insights 2.0.1 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
| 2020-07-09 | CVE-2020-4173 | Unspecified vulnerability in IBM products IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |