Skip to main content

Security Guardium Big Data Intelligence CVE-2019-4309

MEDIUM
Use of Hard-coded Credentials (CWE-798)
2019-10-29 psirt@us.ibm.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 29, 2019 - 00:15 nvd
MEDIUM 5.5

DescriptionNVD

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035.

AnalysisAI

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. Affected products include: Ibm Security Guardium Big Data Intelligence.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2018-1373 CRITICAL
9.8 Mar 02

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a r

CVE-2018-1372 CRITICAL
9.8 Feb 27

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by def

CVE-2019-4340 HIGH
8.2 Aug 20

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack

CVE-2018-1377 HIGH
7.8 Feb 26

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be rea

CVE-2020-4254 HIGH
7.5 Oct 16

IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could a

CVE-2019-4339 HIGH
7.5 Oct 29

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could a

CVE-2019-4314 HIGH
7.5 Oct 29

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource tha

CVE-2019-4338 HIGH
7.5 Aug 20

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that

CVE-2019-4310 HIGH
7.5 Aug 20

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a r

CVE-2018-1375 HIGH
7.5 May 29

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentica

CVE-2019-4306 MEDIUM
6.5 Oct 29

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which co

CVE-2018-1376 MEDIUM
6.1 May 29

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. Rated medium severity (C

Share

CVE-2019-4309 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy