Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Filtered by product Security Guardium Insights
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-4598 2 Ibm, Linux 2 Security Guardium Insights, Linux Kernel 2020-08-26 5.8 MEDIUM 6.1 MEDIUM
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823.
CVE-2020-4593 2 Ibm, Linux 2 Security Guardium Insights, Linux Kernel 2020-08-26 2.1 LOW 4.4 MEDIUM
IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747.
CVE-2020-4170 2 Ibm, Linux 2 Security Guardium Insights, Linux Kernel 2020-08-26 4.3 MEDIUM 4.3 MEDIUM
IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406.
CVE-2020-4173 2 Ibm, Linux 3 Infosphere Guardium Activity Monitor, Security Guardium Insights, Linux Kernel 2020-07-17 4.3 MEDIUM 4.3 MEDIUM
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682.