Lucene search

IbmCVE-2016-0249

HistoryOct 16, 2016 - 9:59 p.m.

CVE-2016-0249

2016-10-1621:59:05

CWE-89

ibm

web.nvd.nist.gov

cve-2016-0249

sql injection

ibm security guardium

database activity monitor

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

Nvd

Node

ibmsecurity_guardiumRange≤8.2

ibmsecurity_guardiumMatch9.0

ibmsecurity_guardiumMatch9.1

ibmsecurity_guardiumMatch9.5

ibmsecurity_guardiumMatch10.0

ibmsecurity_guardiumMatch10.0.1

ibmsecurity_guardiumMatch10.1.0

VendorProductVersionCPE
ibmsecurity_guardium*cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*
ibmsecurity_guardium9.0cpe:2.3:a:ibm:security_guardium:9.0:*:*:*:*:*:*:*
ibmsecurity_guardium9.1cpe:2.3:a:ibm:security_guardium:9.1:*:*:*:*:*:*:*
ibmsecurity_guardium9.5cpe:2.3:a:ibm:security_guardium:9.5:*:*:*:*:*:*:*
ibmsecurity_guardium10.0cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*
ibmsecurity_guardium10.0.1cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*
ibmsecurity_guardium10.1.0cpe:2.3:a:ibm:security_guardium:10.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_guardium	*	cpe:2.3:a:ibm:security_guardium::::::::
ibm	security_guardium	9.0	cpe:2.3:a:ibm:security_guardium:9.0:::::::*
ibm	security_guardium	9.1	cpe:2.3:a:ibm:security_guardium:9.1:::::::*
ibm	security_guardium	9.5	cpe:2.3:a:ibm:security_guardium:9.5:::::::*
ibm	security_guardium	10.0	cpe:2.3:a:ibm:security_guardium:10.0:::::::*
ibm	security_guardium	10.0.1	cpe:2.3:a:ibm:security_guardium:10.0.1:::::::*
ibm	security_guardium	10.1.0	cpe:2.3:a:ibm:security_guardium:10.1.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21990363

www.securityfocus.com/bid/93339

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

Related for CVE-2016-0249