|
201301
|
7.5 |
HIGH
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-20474
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201302
|
4.3 |
MEDIUM
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-20417
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201303
|
5.3 |
MEDIUM
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit t…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2021-20416
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201304
|
7.5 |
HIGH
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2021-20415
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201305
|
7.5 |
HIGH
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2021-20379
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201306
|
8.8 |
HIGH
Network
|
ibm
|
guardium_data_encryption
|
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 1957…
|
CWE-613
Insufficient Session Expiration
|
CVE-2021-20378
|
2024-11-21 14:46 |
2021-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201307
|
6.5 |
MEDIUM
Network
|
ibm
netapp
|
cognos_analytics
oncommand_insight
|
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-20461
|
2024-11-21 14:46 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201308
|
4.3 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit…
|
CWE-352
Origin Validation Error
|
CVE-2021-20580
|
2024-11-21 14:46 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201309
|
5.5 |
MEDIUM
Local
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-20490
|
2024-11-21 14:46 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201310
|
5.4 |
MEDIUM
Network
|
ibm
|
planning_analytics
|
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20477
|
2024-11-21 14:46 |
2021-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
