Lucene search
China National Vulnerability DatabaseCNVD-2023-20081HistoryMar 23, 2023 - 12:00 a.m.
IBM Security Guardium SQL Injection Vulnerability (CNVD-2023-20081)
2023-03-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
ibm security guardium
sql injection
data protection
custom ui
report management
audit process
key lifecycle manager
validation
externally entered sql statements
illegal sql commands
sensitive database data
0.001 Low
EPSS
Percentile
40.4%
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management, and streamlined audit process construction.IBM Security Guardium Key Lifecycle Manager is vulnerable to SQL injection, which stems from the application’s lack of validation of externally entered SQL statements. An attacker could use the vulnerability to execute illegal SQL commands to steal sensitive database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security guardium | eq | 3.0 | |
| ibm security guardium | eq | 3.0.1 | |
| ibm security guardium | eq | 4.0 | |
| ibm security guardium | eq | 4.1 | |
| ibm security guardium | eq | 4.1.1 |
Related
nvd
nvd
CVE-2023-25684
2023-03-21 17:15:11
cvelist
cvelist
CVE-2023-25684 IBM Security Key Lifecycle Manager SQL injection
2023-03-21 16:13:23
cve
cve
CVE-2023-25684
2023-03-21 17:15:11
prion
prion
Sql injection
2023-03-21 17:15:00
ibm
ibm