IBM Security Guardium
28 CVEs affecting IBM Security Guardium. Latest disclosed: 2017-12-20. Critical: 2, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-1253 | Critical | 9.9 | 2017-07-05 | IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an… |
| CVE-2017-1269 | Critical | 9.8 | 2017-07-05 | IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attack… |
| CVE-2017-1757 | High | 8.8 | 2017-12-20 | IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to vie… |
| CVE-2016-0249 | High | 8.6 | 2016-10-16 | SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100… |
| CVE-2016-6065 | High | 7.8 | 2017-02-01 | IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. |
| CVE-2016-0247 | High | 7.8 | 2016-10-22 | IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext informat… |
| CVE-2017-1598 | High | 7.5 | 2017-12-20 | IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitiv… |
| CVE-2017-1271 | High | 7.5 | 2017-12-07 | IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a p… |
| CVE-2017-1267 | High | 7.5 | 2017-07-21 | IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM… |
| CVE-2017-1264 | High | 7.5 | 2017-07-05 | IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality… |
| CVE-2017-1122 | High | 7.4 | 2017-04-20 | IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be… |
| CVE-2017-1254 | High | 7.1 | 2017-07-05 | IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnera… |
| CVE-2017-1258 | Medium | 6.5 | 2017-07-05 | IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protec… |
| CVE-2016-0298 | Medium | 6.5 | 2016-06-29 | Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary fil… |
| CVE-2017-1262 | Medium | 6.1 | 2017-12-20 | IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to… |
| CVE-2017-1256 | Medium | 6.1 | 2017-07-05 | IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a… |
| CVE-2016-0246 | Medium | 6.1 | 2016-10-22 | Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote… |
| CVE-2017-1596 | Medium | 5.5 | 2017-12-20 | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force I… |
| CVE-2017-1595 | Medium | 5.5 | 2017-12-20 | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force I… |
| CVE-2017-1600 | Medium | 5.4 | 2017-12-20 | IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code… |