IBM Security Guardium

By the Year

In 2024 there have been 0 vulnerabilities in IBM Security Guardium. Last year Security Guardium had 8 security vulnerabilities published. Right now, Security Guardium is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year | Vulnerabilities | Average Score
2024 | 0  | 0.00
2023 | 8  | 6.50
2022 | 3  | 5.13
2021 | 6  | 6.98
2020 | 10 | 5.96
2019 | 2  | 8.80
2018 | 6  | 6.98

It may take a day or so for new Security Guardium vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Security Guardium Security Vulnerabilities

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection

CVE-2023-42004 8.8 - High - November 28, 2023

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.

CSV Injection

IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts

CVE-2022-43904 7.5 - High - August 28, 2023

IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.

Improper Restriction of Excessive Authentication Attempts

IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system

CVE-2022-43907 8.8 - High - August 27, 2023

IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.

Shell injection

IBM Security Guardium 11.4 is vulnerable to cross-site scripting

CVE-2022-43909 5.4 - Medium - August 27, 2023

IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905.

XSS

IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting

CVE-2023-30435 5.4 - Medium - August 27, 2023

IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291.

XSS

IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting

CVE-2023-30436 5.4 - Medium - August 27, 2023

IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292.

XSS

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames

CVE-2023-30437 5.3 - Medium - August 27, 2023

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293.

IBM Security Guardium 11.4 is vulnerable to SQL injection

CVE-2023-33852 5.4 - Medium - August 27, 2023

IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614.

SQL Injection

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response

CVE-2022-39166 4.9 - Medium - December 20, 2022

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text

CVE-2021-39077 4.4 - Medium - November 03, 2022

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

Cleartext Storage of Sensitive Information

IBM Security Guardium 11.4 is vulnerable to cross-site scripting

CVE-2021-39074 6.1 - Medium - June 29, 2022

IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key

CVE-2020-4690 9.8 - Critical - September 23, 2021

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.

Use of Hard-coded Credentials

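IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser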

CVE-2021-20377 2.7 - Low - September 23, 2021

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.

Generation of Error Message Containing Sensitive Information

IBM Security Guardium 11.2 is vulnerable to cross-site scripting

CVE-2021-20386 6.1 - Medium - May 24, 2021

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195767.

XSS

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system

CVE-2021-20385 7.2 - High - May 24, 2021

IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.

IBM Security Guardium 11.2 is vulnerable to SQL injection

CVE-2020-4990 8.8 - High - May 24, 2021

IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.

SQL Injection

IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required

CVE-2020-4184 7.3 - High - March 15, 2021

IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.

Improper Privilege Management

IBM Security Guardium 11.2 is vulnerable to cross-site scripting

CVE-2020-4681 5.4 - Medium - October 12, 2020

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427.

XSS

IBM Security Guardium 11.2 is vulnerable to cross-site scripting

CVE-2020-4680 5.4 - Medium - October 12, 2020

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426.

XSS

IBM Security Guardium 11.2 is vulnerable to cross-site scripting

CVE-2020-4679 4.8 - Medium - October 12, 2020

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424.

XSS

IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to

CVE-2020-4678 4.9 - Medium - October 12, 2020

IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423.

Information Disclosure

IBM Security Guardium 11.2 is vulnerable to CSV injection

CVE-2020-4689 6.8 - Medium - October 12, 2020

IBM Security Guardium 11.2 is vulnerable to CSV injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 186696.

Injection

IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls

CVE-2018-1501 7.5 - High - August 26, 2020

IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.

Missing Authentication for Critical Function

IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms

CVE-2020-4185 7.5 - High - July 30, 2020

IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803.

Use of a Broken or Risky Cryptographic Algorithm

IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page

CVE-2020-4186 5.3 - Medium - July 30, 2020

IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.

Information Disclosure

IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context

CVE-2020-4188 5.3 - Medium - June 23, 2020

IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807.

Use of Insufficiently Random Values

IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key

CVE-2020-4190 6.7 - Medium - June 03, 2020

IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174851.

Use of Hard-coded Credentials

IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password

CVE-2019-4422 8.8 - High - October 03, 2019

IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files

CVE-2019-4292 8.8 - High - July 02, 2019

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698.

Unrestricted File Upload

IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting

CVE-2018-1891 5.4 - Medium - December 17, 2018

IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082.

XSS

IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting

CVE-2018-1889 5.4 - Medium - December 17, 2018

IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080.

XSS

IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key

CVE-2018-1818 9.8 - Critical - December 13, 2018

IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.

Use of Hard-coded Credentials

IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting

CVE-2018-1817 6.1 - Medium - December 13, 2018

IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021.

XSS

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate

CVE-2018-1509 7.4 - High - October 02, 2018

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417.

Improper Certificate Validation

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain clear text which can be read by a local user

CVE-2018-1498 7.8 - High - October 02, 2018

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 141223.

Insufficiently Protected Credentials
