IBM Security Guardium
By the Year
In 2024 there have been 0 vulnerabilities in IBM Security Guardium. Last year Security Guardium had 8 security vulnerabilities published. Right now, Security Guardium is on track to have fewer security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 8 | 6.50 |
| 2022 | 3 | 5.13 |
| 2021 | 6 | 6.98 |
| 2020 | 10 | 5.96 |
| 2019 | 2 | 8.80 |
| 2018 | 6 | 6.98 |
It may take a day or so for new Security Guardium vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Security Guardium Security Vulnerabilities
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection
CVE-2023-42004
8.8 - High
- November 28, 2023
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.
CSV Injection
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts
CVE-2022-43904
7.5 - High
- August 28, 2023
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.
Improper Restriction of Excessive Authentication Attempts
IBM Security Guardium 11.4 could
CVE-2022-43907
8.8 - High
- August 27, 2023
IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.
Shell injection
IBM Security Guardium 11.4 is vulnerable to cross-site scripting
CVE-2022-43909
5.4 - Medium
- August 27, 2023
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905.
XSS
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting
CVE-2023-30435
5.4 - Medium
- August 27, 2023
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291.
XSS
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting
CVE-2023-30436
5.4 - Medium
- August 27, 2023
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292.
XSS
IBM Security Guardium 11.3, 11.4, and 11.5 could
CVE-2023-30437
5.3 - Medium
- August 27, 2023
IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293.
IBM Security Guardium 11.4 is vulnerable to SQL injection
CVE-2023-33852
5.4 - Medium
- August 27, 2023
IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614.
SQL Injection
IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response
CVE-2022-39166
4.9 - Medium
- December 20, 2022
IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text
CVE-2021-39077
4.4 - Medium
- November 03, 2022
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.
Cleartext Storage of Sensitive Information
IBM Security Guardium 11.4 is vulnerable to cross-site scripting
CVE-2021-39074
6.1 - Medium
- June 29, 2022
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key
CVE-2020-4690
9.8 - Critical
- September 23, 2021
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.
Use of Hard-coded Credentials
IBM Security Guardium 11.3 could
CVE-2021-20377
2.7 - Low
- September 23, 2021
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.
Generation of Error Message Containing Sensitive Information
IBM Security Guardium 11.2 is vulnerable to cross-site scripting
CVE-2021-20386
6.1 - Medium
- May 24, 2021
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195767.
XSS
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system
CVE-2021-20385
7.2 - High
- May 24, 2021
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.
IBM Security Guardium 11.2 is vulnerable to SQL injection
CVE-2020-4990
8.8 - High
- May 24, 2021
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.
SQL Injection
IBM Security Guardium 11.2 performs an operation at a privilege level
CVE-2020-4184
7.3 - High
- March 15, 2021
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.
Improper Privilege Management
IBM Security Guardium 11.2 is vulnerable to cross-site scripting
CVE-2020-4681
5.4 - Medium
- October 12, 2020
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427.
XSS
IBM Security Guardium 11.2 is vulnerable to cross-site scripting
CVE-2020-4680
5.4 - Medium
- October 12, 2020
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426.
XSS
IBM Security Guardium 11.2 is vulnerable to cross-site scripting
CVE-2020-4679
4.8 - Medium
- October 12, 2020
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424.
XSS
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to
CVE-2020-4678
4.9 - Medium
- October 12, 2020
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423.
Information Disclosure
IBM Security Guardium 11.2 is vulnerable to CSV Injection
CVE-2020-4689
6.8 - Medium
- October 12, 2020
IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 186696.
Injection
IBM Security Guardium 10.5, 10.6, and 11.0 could
CVE-2018-1501
7.5 - High
- August 26, 2020
IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.
Missing Authentication for Critical Function
IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms
CVE-2020-4185
7.5 - High
- July 30, 2020
IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803.
Use of a Broken or Risky Cryptographic Algorithm
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page
CVE-2020-4186
5.3 - Medium
- July 30, 2020
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.
Information Disclosure
IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context
CVE-2020-4188
5.3 - Medium
- June 23, 2020
IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807.
Use of Insufficiently Random Values
IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key
CVE-2020-4190
6.7 - Medium
- June 03, 2020
IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851.
Use of Hard-coded Credentials
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could
CVE-2019-4422
8.8 - High
- October 03, 2019
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.
IBM Security Guardium 10.5 could
CVE-2019-4292
8.8 - High
- July 02, 2019
IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698.
Unrestricted File Upload
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting
CVE-2018-1891
5.4 - Medium
- December 17, 2018
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082.
XSS
IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting
CVE-2018-1889
5.4 - Medium
- December 17, 2018
IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080.
XSS
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key
CVE-2018-1818
9.8 - Critical
- December 13, 2018
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.
Use of Hard-coded Credentials
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting
CVE-2018-1817
6.1 - Medium
- December 13, 2018
IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021.
XSS
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might
CVE-2018-1509
7.4 - High
- October 02, 2018
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417.
Improper Certificate Validation
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain clear text which can be read by a local user
CVE-2018-1498
7.8 - High
- October 02, 2018
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 141223.
Insufficiently Protected Credentials