Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0670C43C3BEADC05D98D8EFB76A006852B58B05044FCBBF46EFF53AED5CB9700
HistoryMay 23, 2024 - 5:59 p.m.

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-42753, CVE-2023-5178, CVE-2023-47710, CVE-2023-45871)

2024-05-2317:59:38
www.ibm.com
4
ibm guardium
vulnerabilities
cve-2023-42753
cve-2023-5178
cve-2023-47710
cve-2023-45871
linux kernel
cross-site scripting
buffer overflow

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON

Summary

IBM Security Guardium has addressed these vulnerabilities in an update.

Vulnerability Details

CVEID:CVE-2023-42753
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due to an array indexing issue in the netfilter ipset subsystem. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266809 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-5178
**DESCRIPTION:**Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the nvmet_tcp_free_crypto function in the NVMe-oF/TCP subsystem. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-47710
**DESCRIPTION:**IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271525 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2023-45871
**DESCRIPTION:**Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268717 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.4
IBM Security Guardium 11.5
IBM Security Guardium 12.0

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 11.4 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p6406_May-Security-Patch_V11.4&includeSupersedes=0&source=fc
IBM Security Guardium 11.5 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p6506_May-Security-Patch_V11.5&includeSupersedes=0&source=fc
IBM Security Guardium 12.0 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=12.0&platform=Linux&function=fixId&fixids=SqlGuard_12.0p15_Bundle_Apr-23-2024&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardiumMatch11.4
OR
ibmsecurity_guardiumMatch11.5
OR
ibmsecurity_guardiumMatch12.0

Related

cvelist 4
nessus 86
vulnrichment 1
cve 4
nvd 4
redhat 29
ibm 3
prion 3
cbl_mariner 5
redhatcve 3
ubuntucve 3
oraclelinux 16
openvas 9
debiancve 3
f5 1
centos 1
virtuozzo 2
githubexploit 1
osv 8
ubuntu 5
rosalinux 3
photon 2
rocky 1
amazon 2
cvelist
cvelist
CVE-2023-47710 IBM Security Guardium cross-site scripting
2024-05-24 12:01:02
CVE-2023-45871
2023-10-15 00:00:00
CVE-2023-42753 Kernel: netfilter: potential slab-out-of-bound access due to integer underflow
2023-09-25 20:25:59
nessus
nessus
RHEL 9 : kpatch-patch (RHSA-2024:0386)
2024-01-25 00:00:00
RHEL 7 : kernel (RHSA-2024:0999)
2024-02-27 00:00:00
CentOS 7 : kernel (RHSA-2024:0346)
2024-01-25 00:00:00
vulnrichment
vulnrichment
CVE-2023-47710 IBM Security Guardium cross-site scripting
2024-05-24 12:01:02
cve
cve
CVE-2023-47710
2024-05-24 12:15:08
CVE-2023-42753
2023-09-25 21:15:15
CVE-2023-45871
2023-10-15 01:15:09
nvd
nvd
CVE-2023-47710
2024-05-24 12:15:08
CVE-2023-42753
2023-09-25 21:15:15
CVE-2023-45871
2023-10-15 01:15:09
redhat
redhat
(RHSA-2024:0386) Important: kpatch-patch security update
2024-01-24 08:54:34
(RHSA-2024:0999) Important: kernel security update
2024-02-27 06:26:13
(RHSA-2024:0347) Important: kernel-rt security and bug fix update
2024-01-23 15:58:24
ibm
ibm
Security Bulletin: Vulnerability in Linux Kernel could affect IBM Storage Copy Data Management
2024-04-30 21:41:37
Security Bulletin: Multiple Linux Kernel vulnerabilities affects IBM Storage Scale System.
2024-05-03 09:04:24
Security Bulletin: Vulnerability with Kernel affect IBM Cloud Object Storage Systems (Jan 2024v1)
2024-02-05 16:19:52
prion
prion
Buffer overflow
2023-09-25 21:15:00
Code injection
2023-10-15 01:15:00
Double free
2023-11-01 17:15:00
cbl_mariner
cbl_mariner
CVE-2023-42753 affecting package hyperv-daemons for versions less than 5.15.133.1-1
2023-10-11 01:41:59
CVE-2023-42753 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
CVE-2023-45871 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
redhatcve
redhatcve
CVE-2023-45871
2023-10-18 00:59:23
CVE-2023-42753
2023-09-25 11:25:02
CVE-2023-5178
2023-10-16 04:16:55
ubuntucve
ubuntucve
CVE-2023-45871
2023-10-15 00:00:00
CVE-2023-42753
2023-09-25 00:00:00
CVE-2023-5178
2023-11-01 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2023-09-23 00:00:00
kernel security and bug fix update
2024-02-23 00:00:00
Unbreakable Enterprise kernel security update
2023-09-22 00:00:00
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2024:0346)
2024-03-05 00:00:00
Ubuntu: Security Advisory (USN-6495-2)
2023-12-01 00:00:00
Ubuntu: Security Advisory (USN-6495-1)
2023-11-22 00:00:00
debiancve
debiancve
CVE-2023-42753
2023-09-25 21:15:15
CVE-2023-45871
2023-10-15 01:15:09
CVE-2023-5178
2023-11-01 17:15:11
f5
f5
K000139897: Linux kernel vulnerability CVE-2023-42753
2024-06-04 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2024-01-26 18:06:10
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 165.1 for Virtuozzo Hybrid Server 7.5
2023-12-19 00:00:00
[Important] [Security] Virtuozzo ReadyKernel Patch 162.0 for Virtuozzo Hybrid Server 7.5
2023-10-12 00:00:00
githubexploit
githubexploit
Exploit for Use After Free in Linux Linux Kernel
2024-02-05 15:58:24
osv
osv
linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
2023-11-21 15:30:50
linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop vulnerabilities
2023-11-30 17:38:29
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15 vulnerabilities
2023-11-30 17:24:11
ubuntu
ubuntu
Linux kernel vulnerabilities
2023-11-21 00:00:00
Linux kernel vulnerabilities
2023-11-30 00:00:00
Linux kernel vulnerabilities
2023-11-21 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2385
2024-03-28 06:53:29
Advisory ROSA-SA-2024-2384
2024-03-28 06:52:37
Advisory ROSA-SA-2024-2383
2024-03-28 06:51:27
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0656
2023-09-27 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0488
2023-10-12 00:00:00
rocky
rocky
kernel security update
2024-01-12 19:59:56
amazon
amazon
Important: kernel
2023-09-27 22:15:00
Important: kernel
2023-09-27 22:48:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON
Related for 0670C43C3BEADC05D98D8EFB76A006852B58B05044FCBBF46EFF53AED5CB9700
cvelist4nessus86vulnrichment1cve4nvd4redhat29ibm3prion3cbl_mariner5redhatcve3ubuntucve3oraclelinux16openvas9debiancve3f51centos1virtuozzo2githubexploit1osv8ubuntu5rosalinux3photon2rocky1amazon2