Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2A904EB8A505FD7A777D87A47E700EB54663347B332C6E075CAEF8A1E2FFE32E
HistoryJun 16, 2018 - 9:50 p.m.

Security Bulletin: Shell injection in CLI 'support execute' command affect IBM Security Guardium (CVE-2016-9974)

2018-06-1621:50:03
www.ibm.com
9
JSON

Summary

IBM Security Guardium Database Activity Monitor could allow a locally authenticated attacker to execute arbitrary commands on the system.

Vulnerability Details

CVEID: CVE-2016-9974**
DESCRIPTION:** IBM Security Guardium Database Activity Monitor could allow a locally authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120250&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Security Guardium V9.0, 9.1, 9.5

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Guardium| 9x| Contact support for further instructions
IBM Security Guardium| 10x| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p200_GPU_Nov-2016-V10.1.2&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Related

cve 1
cve
cve
CVE-2016-9974
2023-02-21 01:50:42
JSON
Related for 2A904EB8A505FD7A777D87A47E700EB54663347B332C6E075CAEF8A1E2FFE32E
cve1