Lucene search

IBM197C53B56D40E70A3CF49565F158C5EB92272877C888D7A5C20D73C1F7BE8933

HistorySep 19, 2023 - 8:28 p.m.

Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904)

2023-09-1920:28:48

www.ibm.com

ibm security guardium

vulnerability

disclosure

update

10.6

11.3

11.4

11.5

fix

information disclosure

sensitive information

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

31.8%

JSON

Summary

IBM Security Guardium has addressed this vulnerability.

Vulnerability Details

CVEID:CVE-2022-43904
**DESCRIPTION:**IBM Security Guardium could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Guardium	10.6
IBM Security Guardium	11.3
IBM Security Guardium	11.4
IBM Security Guardium	11.5

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product	Versions	Fix
IBM Security Guardium	10.6	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p1025_Bundle_Jul-20-2023&includeSupersedes=0&source=fc
IBM Security Guardium	11.3	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p385_Bundle_Jun-05-2023&includeSupersedes=0&source=fc
IBM Security Guardium	11.4	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p475_Bundle_Jul-20-2023&includeSupersedes=0&source=fc
IBM Security Guardium	11.5	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p530_Bundle_Aug-29-2023&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsecurity_guardiumMatch10.6

ibmsecurity_guardiumMatch11.3

ibmsecurity_guardiumMatch11.4

ibmsecurity_guardiumMatch11.5

CPENameOperatorVersion
ibm security guardiumeq10.6
ibm security guardiumeq11.3
ibm security guardiumeq11.4
ibm security guardiumeq11.5

Name	Operator	Version
ibm security guardium	eq	10.6
ibm security guardium	eq	11.3
ibm security guardium	eq	11.4
ibm security guardium	eq	11.5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for 197C53B56D40E70A3CF49565F158C5EB92272877C888D7A5C20D73C1F7BE8933