|
200341
|
4.3 |
MEDIUM
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-20417
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200342
|
5.3 |
MEDIUM
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit t…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-20416
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200343
|
7.5 |
HIGH
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2021-20415
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200344
|
7.5 |
HIGH
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2021-20379
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200345
|
8.8 |
HIGH
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 1957…
|
CWE-613
Insufficient Session Expiration
|
CVE-2021-20378
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200346
|
6.5 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-20461
|
2024-11-21 14:46 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200347
|
4.3 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit…
|
CWE-352
Origin Validation Error
|
CVE-2021-20580
|
2024-11-21 14:46 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200348
|
5.5 |
MEDIUM
Local
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-20490
|
2024-11-21 14:46 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200349
|
5.4 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20477
|
2024-11-21 14:46 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200350
|
8.8 |
HIGH
Network
|
ibm
|
security_identity_manager_adapter
|
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulne…
|
CWE-74
Injection
|
CVE-2021-20574
|
2024-11-21 14:46 |
2021-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
