Vulnerabilities > IBM > Security Guardium

DATE CVE VULNERABILITY TITLE RISK
2019-10-03 CVE-2019-4422 Unspecified vulnerability in IBM Security Guardium
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password.
network
low complexity
ibm
8.8
8.8
2019-07-02 CVE-2019-4292 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Guardium 10.5
IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server.
network
low complexity
ibm CWE-434
8.8
8.8
2018-12-17 CVE-2018-1891 Cross-site Scripting vulnerability in IBM Security Guardium
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-12-17 CVE-2018-1889 Cross-site Scripting vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-12-17 CVE-2017-1597 Weak Password Requirements vulnerability in IBM Security Guardium
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
7.5
2018-12-17 CVE-2017-1272 Information Exposure vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.3
5.3
2018-12-17 CVE-2017-1265 Improper Certificate Validation vulnerability in IBM Security Guardium
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate.
network
high complexity
ibm CWE-295
5.9
5.9
2018-12-13 CVE-2018-1818 Use of Hard-coded Credentials vulnerability in IBM Security Guardium
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2018-12-13 CVE-2018-1817 Cross-site Scripting vulnerability in IBM Security Guardium
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2018-12-13 CVE-2017-1268 Cryptographic Issues vulnerability in IBM Security Guardium
IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.
network
low complexity
ibm CWE-310
7.5
7.5