RSS   Podatności dla 'Security guardium insights'   RSS

2020-08-27
 
CVE-2020-4603

CWE-269
 

 
IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.

 
 
CVE-2020-4175

CWE-200
 

 
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684.

 
 
CVE-2020-4174

CWE-327
 

 
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683.

 
 
CVE-2020-4172

CWE-922
 

 
IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 174408.

 
 
CVE-2020-4171

CWE-200
 

 
IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.

 
 
CVE-2020-4169

CWE-327
 

 
IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405.

 
 
CVE-2020-4167

CWE-287
 

 
IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. IBM X-Force ID: 174403.

 
 
CVE-2020-4166

CWE-209
 

 
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 174402.

 
2020-07-09
 
CVE-2020-4173

NVD-CWE-Other
 

 
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682.

 

 >>> Vendor: IBM 1034 Produkty
AIX
SNG
Lotus domino mail server
Lotus notes
OS2
GINA
Lotus domino server
Aix enetwork firewall
Websphere application server
Lotus cc mail
Tivoli opc tracker agent
Netfinity remote control
System data repository
Homepageprint
Navio nc browser
Network station manager
Http server
Net.data
Os2 ftp server
As400 firewall
Http server ssl module common
Lotus domino
Tivoli management framework
Db2 universal database
Websphere plugin
Net.commerce
Net.commerce hosting server
Websphere commerce suite
High availability cluster multiprocessing
Aix snmp
Tivoli netview
4758
Informix web datablade
Tivoli secureway policy director
Hacmp
Alphaworks tftp server
Secureway directory
Lotus domino r5
Visualage for java
Tivoli storage manager
Informix
Websphere caching proxy server
Secureway firewall
U2 universe
Autofs
Aix parallel systems support programs
Os 400
Infoprint 21
Lotus notes client
Lotus domino web server
DB2
Tivoli firewall toolbox
Internet security systems blackice defender
Cloudscape
Acprunner
Websphere edge server caching proxy
Ds4100
Director agent
Mcs-7815-1000
Mcs-7815i-2.0
Mcs-7835i-2.4
Mcs-7835i-3.0
X330
X340
X342
X345
Informix dynamic server
Informix extended parallel server
Parallel environment
Trading partner interchange
Tivoli directory server
Tivoli access manager for e-business
Tivoli access manager identity manager solution
Tivoli configuration manager
Tivoli configuration manager for atm
Websphere everyplace server
Egatherer
Hardware management console
Client access
Iseries as 400
Rational clearquest
Lotus domino enterprise server
Db2 content manager
Informix dynamic database server
Lotus domino inotes client
Tivoli business systems manager
Network appliance data ontap
Director
Lotus domino web access
Inventory scout
Client security password manager
Informix client sdk
Informix i-connect
Websphere host on-demand
Tivoli identity manager
Filenet p8 application engine
Lotus sametime
Tivoli provisioning manager os deployment
Tivoli business service manager
Tivoli monitoring express
Zobacz wszystkie produkty dla producenta IBM


Copyright 2021, cxsecurity.com

 

Back to Top