|
219271
|
5.5 |
MEDIUM
Local
|
ibm
|
security_guardium_big_data_intelligence
|
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-4309
|
2024-11-21 13:43 |
2019-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219272
|
5.5 |
MEDIUM
Local
|
ibm
|
security_guardium_big_data_intelligence
|
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 160987.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-4307
|
2024-11-21 13:43 |
2019-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219273
|
6.5 |
MEDIUM
Network
|
ibm
|
security_guardium_big_data_intelligence
|
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that r…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-4306
|
2024-11-21 13:43 |
2019-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219274
|
5.4 |
MEDIUM
Network
|
ibm
|
cloud_orchestrator
|
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further att…
|
CWE-74
Injection
|
CVE-2019-4461
|
2024-11-21 13:43 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219275
|
4.3 |
MEDIUM
Network
|
ibm
|
cloud_orchestrator
|
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containi…
|
CWE-22
Path Traversal
|
CVE-2019-4400
|
2024-11-21 13:43 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219276
|
7.5 |
HIGH
Network
|
ibm
|
cloud_orchestrator
|
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-4399
|
2024-11-21 13:43 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219277
|
3.3 |
LOW
Local
|
ibm
|
cloud_orchestrator
|
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333.
|
NVD-CWE-noinfo
|
CVE-2019-4395
|
2024-11-21 13:43 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219278
|
5.4 |
MEDIUM
Network
|
ibm
|
cloud_orchestrator
|
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could expl…
|
CWE-74
Injection
|
CVE-2019-4396
|
2024-11-21 13:43 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219279
|
2.3 |
LOW
Local
|
ibm
|
cloud_orchestrator
|
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.
|
NVD-CWE-noinfo
|
CVE-2019-4394
|
2024-11-21 13:43 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219280
|
7.5 |
HIGH
Network
|
ibm
|
security_access_manager
|
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.
|
NVD-CWE-noinfo
|
CVE-2019-4036
|
2024-11-21 13:43 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
