Vulnerabilities > IBM > Security Guardium > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-4180 | OS Command Injection vulnerability in IBM Security Guardium 11.1 IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2019-10-03 | CVE-2019-4422 | Unspecified vulnerability in IBM Security Guardium IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. | 8.8 |
| 2019-07-02 | CVE-2019-4292 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Guardium 10.5 IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. | 8.8 |
| 2018-12-17 | CVE-2017-1597 | Weak Password Requirements vulnerability in IBM Security Guardium IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2018-12-13 | CVE-2017-1268 | Cryptographic Issues vulnerability in IBM Security Guardium IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. | 7.5 |
| 2018-10-02 | CVE-2018-1509 | Improper Certificate Validation vulnerability in IBM Security Guardium 10.5 IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 7.4 |
| 2018-10-02 | CVE-2018-1498 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium 10.5 IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2018-05-02 | CVE-2017-1255 | Inadequate Encryption Strength vulnerability in IBM Security Guardium IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2017-12-20 | CVE-2017-1757 | SQL Injection vulnerability in IBM Security Guardium IBM Security Guardium 10.0 is vulnerable to SQL injection. | 8.8 |
| 2017-12-20 | CVE-2017-1598 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |