Vulnerabilities > IBM > Security Guardium > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2020-4690 Use of Hard-coded Credentials vulnerability in IBM Security Guardium 11.3
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2021-08-11 CVE-2021-20418 Weak Password Requirements vulnerability in IBM Security Guardium 11.2
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
critical
 9.8
9.8
2021-05-24 CVE-2021-20426 Use of Hard-coded Credentials vulnerability in IBM Security Guardium 11.2
IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2020-06-04 CVE-2020-4193 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium 11.1
IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
critical
 9.8
9.8
2020-06-03 CVE-2020-4177 Use of Hard-coded Credentials vulnerability in IBM Security Guardium 11.1
IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2018-12-13 CVE-2018-1818 Use of Hard-coded Credentials vulnerability in IBM Security Guardium
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
network
low complexity
ibm CWE-798
critical
 9.8
9.8
2017-07-05 CVE-2017-1253 OS Command Injection vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-78
critical
 9.9
9.9
2017-07-05 CVE-2017-1269 SQL Injection vulnerability in IBM Security Guardium
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
 9.8
9.8