Lucene search

IBM34608F2658210EEB0B8116A6B4A4EC6E543E2ADF1A78C2DA380966C05B70FD9E

HistoryMar 07, 2023 - 4:39 p.m.

Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]

2023-03-0716:39:26

www.ibm.com

ibm security guardium

vulnerabilities

cve-2022-39166

cve-2022-34917

cve-2022-42889

apache kafka

apache commons text

denial of service

remote attack

memory allocation

arbitrary code execution

system update

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.972 High

EPSS

Percentile

99.8%

JSON

Summary

IBM Security Guardium has addressed these vulnerabilities [CVE-2022-39166, CVE-2022-34917, CVE-2022-42889]

Vulnerability Details

CVEID:CVE-2022-39166
**DESCRIPTION:**IBM Security Guardium could allow a privileged user to obtain sensitive information inside of an HTTP response.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235405 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-34917
**DESCRIPTION:**Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to allocate large amounts of memory on brokers, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236498 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-42889
**DESCRIPTION:**Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238560 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Guardium	11.3
IBM Security Guardium	11.4
IBM Security Guardium	11.5

Remediation/Fixes

IBM strongly encourages customers to update their systems promptly.

Product	Versions	Fix
IBM Security Guardium	11.3

IBM Security Guardium| 11.4| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p460_Bundle_Nov-17-2022&includeSupersedes=0&source=fc
IBM Security Guardium| 11.5|

| | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p520_Bundle_Feb-20-2023&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsecurity_guardiumMatch11.3

ibmsecurity_guardiumMatch11.4

ibmsecurity_guardiumMatch11.5

CPENameOperatorVersion
ibm security guardiumeq11.3
ibm security guardiumeq11.4
ibm security guardiumeq11.5

Name	Operator	Version
ibm security guardium	eq	11.3
ibm security guardium	eq	11.4
ibm security guardium	eq	11.5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.972 High

EPSS

Percentile

99.8%

JSON

Related for 34608F2658210EEB0B8116A6B4A4EC6E543E2ADF1A78C2DA380966C05B70FD9E