Information Disclosure Risk in IBM Security Guardium Big Data Intelligence
CVE-2018-1369

3.7LOW

Key Information:

Vendor: IBM
Status: Security Guardium Big Data Intelligence
Vendor: CVE Published:; 29 May 2018

What is CVE-2018-1369?

IBM Security Guardium Big Data Intelligence (SonarG) version 3.1 has a vulnerability that exposes sensitive information through URL parameters. If unauthorized individuals gain access to these URLs—potentially stored in server logs, accessed through the referrer header, or found in browser history—there is a significant risk of data leakage. This issue underscores the importance of securing URL parameters to protect sensitive data.

Affected Version(s)

Security Guardium Big Data Intelligence 3.1

References

http://www.ibm.com/support/docview.wss?uid=swg22016131

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/137767

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2018
Vulnerability Reserved
Dec 13, 2017