IBM12DB796E1E5044849321DB8E749C954879CD7C3C7F511FA5273FD0958AE8BB96Security Bulletin: IBM Security Guardium is affected by a OpenSource LibXML2 vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
IBM Security Guardium has addressed the following vulnerability.
Vulnerability Details
CVEID:CVE-2015-8806
DESCRIPTION: Libxml2 is vulnerable to a denial of service, caused by a heap-buffer overread in dict.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110613> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Affected Products and Versions
Affected Product and Versions: IBM Security Guardium 10.1.3
Remediation/Fixes
| Product | VRMF | Remediation / First Fix |
|---|---|---|
| IBM Security Guardium | 10.1.3 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur… |
| |
—|—|—
| |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security guardium | eq | 10.1.3 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P