Description
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/110409
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99379
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21989124
Scores
CVSS v3
3.7
EPSS
0.0094
EPSS Percentile
56.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (12)
IBM/Security Guardium
10.0
IBM/Security Guardium
10.1
IBM/Security Guardium
10.1.2
IBM/Security Guardium
9.0
IBM/Security Guardium
9.1
IBM/Security Guardium
9.5
ibm/security_guardium
9.0
ibm/security_guardium
9.1
ibm/security_guardium
9.5
ibm/security_guardium
10.0
... and 2 more
Published
Jul 05, 2017
Tracked Since
Feb 18, 2026