9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.9%
IBM Security Guardium has addressed these vulnerabilities
CVEID:CVE-2022-22307
**DESCRIPTION:**IBM Security Guardium could allow a local user to obtain elevated privileges due to incorrect authorization checks.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216753 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2020-0466
**DESCRIPTION:**Google Android could allow a local attacker to gain elevated privileges on the system, caused by a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c. By executing a specially-crafted program, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193397 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-10543
**DESCRIPTION:**Perl is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the nested regular expression quantifiers. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183203 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-26137
**DESCRIPTION:**urllib3 is vulnerable to CRLF injection. By inserting CR and LF control characters in the first argument of putrequest(), a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189426 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2022-40674
**DESCRIPTION:**libexpat could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the doContent function in xmlparse.c. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-10878
**DESCRIPTION:**Perl could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow related to the mishandling of a PL_regkind[OP(n)] == NOTHING situation. By using a specially-crafted regular expression, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183204 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-0465
**DESCRIPTION:**Google Android could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in various methods of hid-multitouch.c. By executing a specially-crafted program, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193398 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-29154
**DESCRIPTION:**Rsync could allow a remote attacker to bypass security restrictions, caused by improper validation of file names. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to write arbitrary files inside the directories of connecting peers.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232637 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2022-2526
**DESCRIPTION:**systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in “resolved-dns-stream.c” not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235161 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-31676
**DESCRIPTION:**VMware Tools could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges as the root user in the virtual machine.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234190 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-12723
**DESCRIPTION:**Perl is vulnerable to a buffer overflow, caused by recursive S_study_chunk calls in regcomp.c. By using a specially-crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183205 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2021-0920
**DESCRIPTION:**Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use after free flaw due to a race condition in unix_scm_to_skb of af_unix.c. By executing a specially-crafted program, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215673 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-41974
**DESCRIPTION:**OpenSVC multipath-tools for Linux could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an authorization bypass flaw in the multipathd daemon. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239041 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
BM Security Guardium | 11.3 |
IBM Security Guardium | 11.4 |
IBM Security Guardium | 11.5 |
IBM encourages customers to update their systems promptly.
Product | Versions | ** Fix** |
---|---|---|
IBM Security Guardium | 11.3 |
IBM Security Guardium| 11.4| |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium | eq | 11.3 | |
ibm security guardium | eq | 11.4 | |
ibm security guardium | eq | 11.5 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.9%