Lucene search
IBM9092AD9C7DE61BC6DC7C76164D7A4CF035B5C6AA031ADD6509B32535130F5712HistoryOct 09, 2020 - 7:46 p.m.
Security Bulletin: IBM Security Guardium is affected by Use of Hard-Coded Credentials vulnerabilities
2020-10-0919:46:48
www.ibm.com
3
0.001 Low
EPSS
Percentile
46.2%
Summary
IBM Security Guardium has addressed the following vulnerabilities.
Vulnerability Details
CVEID:CVE-2020-4177
**DESCRIPTION:**IBM Security Guardium contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174732 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Guardium | 10.5 |
| IBM Security Guardium | 10.6 |
| IBM Security Guardium | 11.0 |
| IBM Security Guardium | 11.1 |
Remediation/Fixes
Product
|
VRMF
|
Remediation / First Fix
—|—|—
IBM Security Guardium | 10.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p535_Bundle_Jul-16-2020&includeSupersedes=0&source=fc
IBM Security Guardium | 10.6 | | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p650_Bundle_Jun-01-2020&includeSupersedes=0&source=fc
IBM Security Guardium | 11.0 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p30_Bundle_Aug-25-2020&includeSupersedes=0&source=fc
IBM Security Guardium | 11.1 | | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p115_Bundle_May-19-2020&includeSupersedes=0&source=fc
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security guardium | eq | 10.5.0 | |
| ibm security guardium | eq | 10.6.0 | |
| ibm security guardium | eq | 11.0.0 | |
| ibm security guardium | eq | 11.1.0 |
Related
cvelist
cvelist
CVE-2020-4177
2020-06-02 00:00:00
prion
prion
Hardcoded credentials
2020-06-03 15:15:00
cve
cve
CVE-2020-4177
2020-06-03 15:15:12
nvd
nvd
CVE-2020-4177
2020-06-03 15:15:12
0.001 Low
EPSS
Percentile
46.2%
Related for 9092AD9C7DE61BC6DC7C76164D7A4CF035B5C6AA031ADD6509B32535130F5712