IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user.
IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information.
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
IBM Sterling B2B Integrator Standard Edition 188.8.131.52 through 184.108.40.206 and 220.127.116.11 through 18.104.22.168 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.