Lucene search

IbmCVE-2016-0247

HistoryOct 22, 2016 - 3:59 a.m.

CVE-2016-0247

2016-10-2203:59:07

CWE-200

ibm

web.nvd.nist.gov

ibm security guardium

vulnerability

cve-2016-0247

information security

local users

cleartext information

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information.

Affected configurations

Nvd

Node

ibmsecurity_guardiumMatch8.2

ibmsecurity_guardiumMatch9.0

ibmsecurity_guardiumMatch9.1

ibmsecurity_guardiumMatch9.5

ibmsecurity_guardiumMatch10.0

ibmsecurity_guardiumMatch10.1

ibmsecurity_guardiumMatch10.01

VendorProductVersionCPE
ibmsecurity_guardium8.2cpe:2.3:a:ibm:security_guardium:8.2:*:*:*:*:*:*:*
ibmsecurity_guardium9.0cpe:2.3:a:ibm:security_guardium:9.0:*:*:*:*:*:*:*
ibmsecurity_guardium9.1cpe:2.3:a:ibm:security_guardium:9.1:*:*:*:*:*:*:*
ibmsecurity_guardium9.5cpe:2.3:a:ibm:security_guardium:9.5:*:*:*:*:*:*:*
ibmsecurity_guardium10.0cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*
ibmsecurity_guardium10.1cpe:2.3:a:ibm:security_guardium:10.1:*:*:*:*:*:*:*
ibmsecurity_guardium10.01cpe:2.3:a:ibm:security_guardium:10.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_guardium	8.2	cpe:2.3:a:ibm:security_guardium:8.2:::::::*
ibm	security_guardium	9.0	cpe:2.3:a:ibm:security_guardium:9.0:::::::*
ibm	security_guardium	9.1	cpe:2.3:a:ibm:security_guardium:9.1:::::::*
ibm	security_guardium	9.5	cpe:2.3:a:ibm:security_guardium:9.5:::::::*
ibm	security_guardium	10.0	cpe:2.3:a:ibm:security_guardium:10.0:::::::*
ibm	security_guardium	10.1	cpe:2.3:a:ibm:security_guardium:10.1:::::::*
ibm	security_guardium	10.01	cpe:2.3:a:ibm:security_guardium:10.01:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21990368

www.securityfocus.com/bid/93341

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-0247