Filtered by vendor Ibm
Subscriptions
Filtered by product Guardium Data Encryption
Subscriptions
Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-4713 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-09-16 | 8.8 High |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084. | ||||
CVE-2021-20416 | 1 Ibm | 1 Guardium Data Encryption | 2024-09-16 | 5.3 Medium |
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218. | ||||
CVE-2019-4686 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-09-16 | 5.3 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822. | ||||
CVE-2021-20379 | 1 Ibm | 1 Guardium Data Encryption | 2024-09-16 | 7.5 High |
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. | ||||
CVE-2019-4701 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-09-16 | 5.3 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. | ||||
CVE-2021-20417 | 1 Ibm | 1 Guardium Data Encryption | 2024-09-16 | 4.3 Medium |
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219 | ||||
CVE-2019-4697 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-09-16 | 6.5 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. | ||||
CVE-2019-4688 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-09-16 | 4.3 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. | ||||
CVE-2019-4691 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-09-16 | 5.4 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828. |