History: Jul 06, 2018 - 3:43 p.m.

Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities

2018-07-06 15:43:26
www.ibm.com

EPSS: 0.003 (Percentile: 69.0%)

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

**CVEID:** CVE-2016-4950
**DESCRIPTION:** Cloudera Manager could allow a remote attacker to obtain sensitive information, caused by a flaw in the /api/v11/users/sessions module. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain user sessions.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123352 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2016-4949
**DESCRIPTION:** Cloudera Manager could allow a remote attacker to obtain sensitive information, caused by a flaw in the /cmf/process//logs module. By sending a specially-crafted request with ‘stderr.log’ or ‘stdout.log’ value in the filename parameter, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123353 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2016-4948
**DESCRIPTION:** Cloudera Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using multiple fields to inject malicious script into a Web page, which would be executed in a victim’s Web browser within the security context of the hosting Web site once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123354 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected IBM Security Guardium | Affected Versions
---|---
IBM Security Guardium | 10.5

Remediation/Fixes

Product | VRMF | Remediation / First Fix
---|---|---
IBM Security Guardium | 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/…

Workarounds and Mitigations

None
