Latest IBM GDE Vulnerabilities

IBM Guardium Data Encryption (GDE) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
IBM GDE<=3.0.0.2
IBM GDE<=4.0.0.4
IBM Guardium Data Encryption=3.0.0.3
IBM Guardium Data Encryption=4.0.0.4
IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to ...
IBM GDE<=3.0.0.2
IBM GDE<=4.0.0.4
IBM Guardium Data Encryption=3.0.0.3
IBM Guardium Data Encryption=4.0.0.4
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption (GDE) could allow a user to brute force sensitive information due to not properly limiting the number of interactions.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
IBM Security Guardium does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
IBM GDE<=3.0.0.2
IBM GDE<=4.0.0.4
IBM Guardium Data Encryption=3.0.0.2
IBM Guardium Data Encryption=4.0.0.4
IBM GDE<=4.0.0.4
IBM GDE<=4.0.0.4
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.
Ibm Security Guardium Data Encrpytion=3.0.0.2
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption (GDE) specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
IBM GDE<=3.0.0.2
Ibm Security Guardium Data Encrpytion=3.0.0.2
IBM GDE<=3.0.0.2
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server l...
Ibm Security Guardium Data Encrpytion=3.0.0.2
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption (GDE) stores user credentials in clear text, which can be read by an authenticated user.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote...
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption<4.0.0.3
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) generates an error message that includes sensitive information about its environment, users, or associated data.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or b...
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption<4.0.0.3
Ibm Guardium For Cloud Key Management<1.7.0
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption (GDE) contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external compon...
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or b...
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption<4.0.0.3
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit thi...
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption<4.0.0.3
Ibm Guardium For Cloud Key Management<1.7.0
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption (GDE) stores user credentials in clear text, which can be read by a local privileged user.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) is deployed with active debugging code that can create unintended entry points.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) allows web pages to be stored locally which can be read by another user on the system.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
IBM Guardium Data Encryption (GDE) could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulne...
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
Ibm Guardium For Cloud Key Management<1.7.0
IBM Guardium Data Encryption (GDE) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
Ibm Guardium For Cloud Key Management<1.6.2
Pivotal Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the PlaintextPasswordEncoder function. By using a password of "null", an attacker could explo...
IBM GDE<=3.0.0.2
Vmware Spring Security>=4.2.0<=4.2.12
Debian Debian Linux=8.0
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on th...
FasterXML jackson-databind>=2.0.0<2.6.7.3
FasterXML jackson-databind>=2.7.0<2.7.9.6
FasterXML jackson-databind>=2.8.0<2.8.11.4
FasterXML jackson-databind>=2.9.0<2.9.9.1
Debian Debian Linux=8.0
Redhat Enterprise Linux=7.0
and 111 more
Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using redirect_uri parameter in ...
IBM GDE<=3.0.0.2
Pivotal Software Spring Security Oauth>=2.0.0<2.0.18
Pivotal Software Spring Security Oauth>=2.1.0<2.1.5
Pivotal Software Spring Security Oauth>=2.2.0<2.2.5
Pivotal Software Spring Security Oauth>=2.3.0<2.3.6
Oracle Banking Corporate Lending=14.1.0
and 6 more
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON en...
FasterXML jackson-databind>=2.0.0<2.6.7.3
FasterXML jackson-databind>=2.7.0<2.7.9.6
FasterXML jackson-databind>=2.8.0<2.8.11.4
FasterXML jackson-databind>=2.9.0<2.9.9.2
Debian Debian Linux=8.0
redhat/eap7-activemq-artemis<0:2.9.0-1.redhat_00005.1.el6ea
and 109 more
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON end...
FasterXML jackson-databind>=2.0.0<2.6.7.3
FasterXML jackson-databind>=2.7.0<2.7.9.6
FasterXML jackson-databind>=2.8.0<2.8.11.4
FasterXML jackson-databind>=2.9.0<2.9.9
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 406 more
Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSI printenv command. A remote attacker could exploit this vulnerability to execute scr...
redhat/tomcat7<0:7.0.70-38.ep7.el6
redhat/tomcat8<0:8.0.36-42.ep7.el6
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el6
redhat/tomcat7<0:7.0.70-38.ep7.el7
redhat/tomcat8<0:8.0.36-42.ep7.el7
redhat/tomcat-native<0:1.2.23-21.redhat_21.ep7.el7
and 84 more
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bu...
maven/org.apache.tomcat.embed:tomcat-embed-core>=9.0.0.M1<9.0.17
maven/org.apache.tomcat.embed:tomcat-embed-core>=7.0.0<7.0.94
maven/org.apache.tomcat.embed:tomcat-embed-core>=8.0.0<8.5.40
IBM GDE<=3.0.0.2
Apache Tomcat>=7.0.0<=7.0.93
Apache Tomcat>=8.5.0<=8.5.39
and 106 more
Pivotal Spring Security could provide weaker than expected security, caused by an insecure randomness flaw when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. A remote att...
IBM GDE<=3.0.0.2
Vmware Spring Security>=4.2.0<4.2.12
Vmware Spring Security>=5.0.0<5.0.12
Vmware Spring Security>=5.1.0<5.1.5
Debian Debian Linux=8.0
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without rea...
maven/org.apache.tomcat.embed:tomcat-embed-core>=8.0.0<8.5.38
maven/org.apache.tomcat.embed:tomcat-embed-core>=9.0.0<9.0.16
IBM GDE<=3.0.0.2
Apache Tomcat>=8.5.0<=8.5.37
Apache Tomcat>=9.0.1<=9.0.14
Apache Tomcat=9.0.0-milestone1
and 60 more
Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in authorization endpoint. An attacker could exploit this vulnerability using ...
IBM GDE<=3.0.0.2
Pivotal Software Spring Security Oauth>=2.0.0<2.0.17
Pivotal Software Spring Security Oauth>=2.1.0<2.1.4
Pivotal Software Spring Security Oauth>=2.2.0<2.2.4
Pivotal Software Spring Security Oauth>=2.3.0<2.3.5
Oracle Banking Corporate Lending=14.1.0
and 2 more
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11....
debian/jackson-databind
IBM GDE<=3.0.0.2
FasterXML jackson-databind>=2.0.0<2.6.7.3
FasterXML jackson-databind>=2.7.0<2.7.9.4
FasterXML jackson-databind>=2.8.0<2.8.11.2
FasterXML jackson-databind>=2.9.0<2.9.5
and 19 more
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDB...
FasterXML jackson-databind>=2.7.0<2.7.9.4
FasterXML jackson-databind>=2.8.0<2.8.11.2
FasterXML jackson-databind>=2.9.0<2.9.6
Debian Debian Linux=9.0
Fedoraproject Fedora=29
Oracle Jd Edwards Enterpriseone Tools=9.2
and 15 more
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db ja...
FasterXML jackson-databind>=2.0.0<2.6.7.3
FasterXML jackson-databind>=2.7.0<2.7.9.4
FasterXML jackson-databind>=2.8.0<2.8.11.2
FasterXML jackson-databind>=2.9.0<2.9.6
Debian Debian Linux=9.0
Fedoraproject Fedora=29
and 13 more
Pivotal Spring Batch could allow a remote attacker to obtain sensitive information, caused by improper handling of XML External Entity (XXE). By persuading a victim to open a specially-crafted file, a...
IBM GDE<=3.0.0.2
Pivotal Software Spring Batch<=3.0.9
Pivotal Software Spring Batch>=4.0.0<=4.0.1
Pivotal Software Spring Batch=4.1.0
An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
Debian Debian Linux=8.0
Oracle Business Process Management Suite=12.1.3.0.0
and 20 more
An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
debian/jackson-databind
IBM GDE<=3.0.0.2
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
and 27 more
FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could ex...
FasterXML jackson-databind>=2.6.0<2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.7
FasterXML jackson-databind=2.7.0-rc1
FasterXML jackson-databind=2.7.0-rc2
and 40 more
An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.
FasterXML jackson-databind>=2.6.0<=2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
FasterXML jackson-databind>=2.8.0<2.8.11.3
FasterXML jackson-databind>=2.9.0<2.9.8
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 24 more
FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, 2.7.9.5, and 2.6.7.3 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic d...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<2.6.7.3
maven/com.fasterxml.jackson.core:jackson-databind>=2.7.0<=2.7.9.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.8.0<=2.8.11.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.7
IBM GDE<=3.0.0.2
FasterXML jackson-databind>=2.0.0<2.6.7.3
and 58 more
FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by JDK classes. By sending a specially-c...
redhat/jackson-databind<2.9.7
redhat/jackson-databind<2.7.9.5
redhat/jackson-databind<2.8.11.3
debian/jackson-databind
FasterXML jackson-databind>=2.6.0<2.6.7.2
FasterXML jackson-databind>=2.7.0<2.7.9.5
and 40 more
FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, and 2.7.9.5 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from...
maven/com.fasterxml.jackson.core:jackson-databind>=2.0.0<=2.7.9.4
maven/com.fasterxml.jackson.core:jackson-databind>=2.8.0<=2.8.11.2
maven/com.fasterxml.jackson.core:jackson-databind>=2.9.0<2.9.7
redhat/jackson-databind<2.9.7
redhat/jackson-databind<2.7.9.5
redhat/jackson-databind<2.8.11.3
and 57 more
FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be...
IBM GDE<=3.0.0.2
redhat/jackson-modules-java8<2.9.8
Fasterxml Jackson-modules-java8<2.9.8
Oracle Clusterware=12.1.0.2.0
Oracle Database Server=12.1.0.2
Oracle Database Server=12.2.0.1
and 9 more
Square Retrofit could allow a remote attacker to traverse directories on the system, caused by improper input validation by the RequestBuilder class. An attacker could send a specially-crafted URL req...
redhat/retrofit<2.5.0
IBM GDE<=3.0.0.2
Squareup Retrofit>=2.0.0<2.5.0
Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header with a high number of ranges, a ...
IBM GDE<=3.0.0.2
redhat/springframework<5.0.10
redhat/springframework<4.3.20
VMware Spring Framework>=4.2.0<4.3.20
VMware Spring Framework>=5.0.0<5.0.10
VMware Spring Framework=5.1.0
and 111 more

© 2024 SecAlerts Pty Ltd.