Ibm Guardium Data Encryption vulnerabilities

CVE-2019-4693 [MEDIUM] CWE-522 CVE-2019-4693: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text w IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.

CVE-2019-4686 [MEDIUM] CWE-311 CVE-2019-4686: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorizati IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cooki

CVE-2019-4701 [MEDIUM] CVE-2019-4701: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936.

CVE-2019-4688 [MEDIUM] CWE-565 CVE-2019-4688: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorizati IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cooki

CVE-2019-4692 [MEDIUM] CVE-2019-4692: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829.

CVE-2019-4691 [MEDIUM] CWE-79 CVE-2019-4691: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vuln IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828.

CVE-2019-4697 [MEDIUM] CWE-522 CVE-2019-4697: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text w IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.

CVE-2019-4695 [LOW] CWE-922 CVE-2019-4695: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.

CVE-2019-4699 [LOW] CWE-209 CVE-2019-4699: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensiti IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.