Jun 16, 2018 - 9:50 p.m.

Security Bulletin: OpenSource GoPivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2014-3578, CVE-2014-3625)

2018-06-16 21:50:03
www.ibm.com

CVSS2: 5 Medium

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | NONE
Availability Impact | NONE

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Summary

Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. IBM Security Guardium has addressed these issues.

Vulnerability Details

CVEID: CVE-2014-3578
DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93774> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-3625
DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
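
A detection-side illustration of the "dot dot" requests described above, as an added example that is not part of the IBM bulletin or of Spring's code: it scans access-log lines and flags URL paths that contain a `..` segment after repeated percent-decoding and backslash folding. The log format, addresses and paths are constructed assumptions, and only the path component of each request is inspected.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines for illustration; addresses and paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [16/Jun/2018:21:50:03 +0000] "GET /resources/css/site.css HTTP/1.1" 200 512
198.51.100.7 - - [16/Jun/2018:21:50:04 +0000] "GET /resources/../WEB-INF/web.xml HTTP/1.1" 404 0
198.51.100.9 - - [16/Jun/2018:21:50:05 +0000] "GET /resources/%2e%2e/%2e%2e/conf/app.properties HTTP/1.1" 200 893
198.51.100.9 - - [16/Jun/2018:21:50:06 +0000] "GET /resources/%252e%252e%255cconf%255capp.properties HTTP/1.1" 200 893
198.51.100.8 - - [16/Jun/2018:21:50:07 +0000] "GET /docs/v1..2/notes.txt?file=a..b HTTP/1.1" 200 77
"""

# client address, request target, response status
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')


def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is seen decoded."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_dot_dot_segment(target):
    """True if the URL path has a '..' segment after decoding and separator folding."""
    path = fully_decode(urlsplit(target).path).replace("\\", "/")
    # Compare whole segments so names such as 'v1..2' are not flagged.
    return ".." in path.split("/")


def find_traversal_requests(log_text):
    """Return (client, raw_target, status) for each request with a '..' path segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and has_dot_dot_segment(m.group(2)):
            hits.append(m.groups())
    return hits


if __name__ == "__main__":
    for client, target, status in find_traversal_requests(SAMPLE_LOG):
        print(f"{status} {client} {target}")
```

Flagged requests that were answered with status 200 are the ones to triage first.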


Affected Products and Versions

IBM Security Guardium V9.0, 9.1, 9.5

Remediation/Fixes

Product | VRMF | Remediation/First Fix
---|---|---
IBM Security Guardium | 9x | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p1089_LanguageUpdate_GPU-750_64-bit,SqlGuard_9.0p750_GPU_March-2017_32-bit,SqlGuard_9.0p1089_LanguageUpdate_GPU-750_32-bit,SqlGuard_9.0p750_GPU_March-2017_64-bit&includeSupersedes=0&source=fc

Workarounds and Mitigations

none
