Jun 22, 2021 - 6:13 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

2021-06-22 18:13:15
www.ibm.com
ibm security guardium
java sdk
command injection
sql injection
version 10.5
version 10.6
version 11.0
version 11.1
version 11.2

EPSS

0.001

Percentile

43.2%

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in July 2020.

Vulnerability Details

CVEID: CVE-2020-4688
**DESCRIPTION:** IBM Security Guardium could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by a command injection vulnerability.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186700 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2020-4921
**DESCRIPTION:** IBM Security Guardium is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Guardium | 10.5 |
| IBM Security Guardium | 10.6 |
| IBM Security Guardium | 11.0 |
| IBM Security Guardium | 11.1 |
| IBM Security Guardium | 11.2 |
| IBM Security Guardium | 11.3 |

Remediation/Fixes

| Product | Versions | Fix |
|---|---|---|
| IBM Security Guardium | 10.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p540_Bundle_Jun-08-2021&includeSupersedes=0&source=fc |
| IBM Security Guardium | 10.6 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p660_Bundle_Nov-30-2020&includeSupersedes=0&source=fc |
| IBM Security Guardium | 11.0 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p35_Bundle_Mar-30-2021&includeSupersedes=0&source=fc |
| IBM Security Guardium | 11.1 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p130_Bundle_Feb-19-2021&includeSupersedes=0&source=fc |
| IBM Security Guardium | 11.2 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p225_Bundle_Dec-30-2020&includeSupersedes=0&source=fc |
| IBM Security Guardium | 11.3 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p315_Bundle_May-21-2021&includeSupersedes=0&source=fc |

Workarounds and Mitigations

None
