Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0490 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 7.2 HIGH | N/A |
Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors. | |||||
CVE-2012-3341 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294. | |||||
CVE-2012-3340 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291. | |||||
CVE-2012-3338 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286. | |||||
CVE-2012-3337 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284. | |||||
CVE-2012-3336 | 2 Ibm, Linux | 2 Infosphere Guardium, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | |||||
CVE-2012-3312 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.0 MEDIUM | N/A |
The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2012-3309 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||||
CVE-2012-2204 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
InfoSphere Guardium aix_ktap module: DoS |