IBM Security Guardium OS Command Injection Vulnerability (CNVD-2024-11735)

2024-03-0100:00:00

China National Vulnerability Database

www.cnvd.org.cn

ibm security guardium

data protection

command injection

key lifecycle manager

remote attack

8.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.8%

JSON

IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An operating system command injection vulnerability exists in IBM Security Guardium Key Lifecycle Manager, which can be exploited by an authenticated, remote attacker to execute arbitrary commands on the system by sending a specially crafted request.

CPENameOperatorVersion
ibm security guardium key lifecycle managereq3.0
ibm security guardium key lifecycle managereq3.0.1
ibm security guardium key lifecycle managereq4.0
ibm security guardium key lifecycle managereq4.1
ibm security guardium key lifecycle managereq4.1.1

Name	Operator	Version
ibm security guardium key lifecycle manager	eq	3.0
ibm security guardium key lifecycle manager	eq	3.0.1
ibm security guardium key lifecycle manager	eq	4.0
ibm security guardium key lifecycle manager	eq	4.1
ibm security guardium key lifecycle manager	eq	4.1.1