Lucene search

K
ibmIBM4AEDCC479C0CCC7CADEB7CFA2DCA8F0B84D1164A9B83EFBAE98906AC6D9970A4
HistoryMar 02, 2023 - 3:04 p.m.

Security Bulletin: IBM Security Guardium is affected by a redshift-jdbc42-2.0.0.3.jar vulnerability (CVE-2022-41828)

2023-03-0215:04:49
www.ibm.com
38
ibm
security guardium
redshift-jdbc42-2.0.0.3.jar
vulnerability
fix
available
versions

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.6%

Summary

IBM Security Guardium has fixed this vulnerability

Vulnerability Details

CVEID:CVE-2022-41828
**DESCRIPTION:**Amazon AWS Redshift JDBC Driver could provide weaker than expected security, caused by failing to heck the class type when instantiating an object from a class name in Object Factory. An attacker could exploit this vulnerability to launch further attacks on the system
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237655 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.4
IBM Security Guardium 11.5

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 11.4 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p460_Bundle_Nov-17-2022&includeSupersedes=0&source=fc
IBM Security Guardium 11.5

| | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p520_Bundle_Feb-20-2023&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardiumMatch11.4
OR
ibmsecurity_guardiumMatch11.5

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.6%

Related for 4AEDCC479C0CCC7CADEB7CFA2DCA8F0B84D1164A9B83EFBAE98906AC6D9970A4