Vulnerabilities > IBM > Security Guardium > 10.01
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-17 | CVE-2018-1891 | Cross-site Scripting vulnerability in IBM Security Guardium IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. | 5.4 |
| 2018-12-17 | CVE-2018-1889 | Cross-site Scripting vulnerability in IBM Security Guardium IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. | 5.4 |
| 2018-12-17 | CVE-2017-1597 | Weak Password Requirements vulnerability in IBM Security Guardium IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2018-12-17 | CVE-2017-1272 | Information Exposure vulnerability in IBM Security Guardium IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. | 5.3 |
| 2018-12-17 | CVE-2017-1265 | Improper Certificate Validation vulnerability in IBM Security Guardium IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. | 5.9 |
| 2018-12-13 | CVE-2018-1818 | Use of Hard-coded Credentials vulnerability in IBM Security Guardium IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2018-12-13 | CVE-2018-1817 | Cross-site Scripting vulnerability in IBM Security Guardium IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. | 6.1 |
| 2018-12-13 | CVE-2017-1268 | Cryptographic Issues vulnerability in IBM Security Guardium IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. | 7.5 |
| 2016-10-22 | CVE-2016-0247 | Information Exposure vulnerability in IBM Security Guardium IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information. | 7.8 |
| 2016-10-22 | CVE-2016-0246 | Cross-site Scripting vulnerability in IBM Security Guardium Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |