Ibm Infosphere Guardium vulnerabilities

CVE-2012-3336 [HIGH] CWE-89 CVE-2012-3336: IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated at IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282.

CVE-2012-3338 [MEDIUM] CWE-20 CVE-2012-3338: IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrict IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286.

CVE-2012-3337 [MEDIUM] CWE-22 CVE-2012-3337: IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.

CVE-2012-3340 [MEDIUM] CWE-776 CVE-2012-3340: IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.

CVE-2012-3341 [MEDIUM] CWE-79 CVE-2012-3341: IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by imp IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacke

CVE-2013-0490 [HIGH] CVE-2013-0490: Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors.

CVE-2012-3312 [MEDIUM] CWE-310 CVE-2012-3312: The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

CVE-2012-3309 [MEDIUM] CWE-352 CVE-2012-3309: Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guar Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.