XML External Entity (XXE) security vulnerability in InfoSphere Guardium allows remote authenticated users to obtain sensitive information via unspecified vectors.
VULNERABILITY DETAILS:
CVE ID: CVE-2012-3340
DESCRIPTION:
User can get to an error report containing content of a file on the server with database password.
CVSS:
CVSS Base Score: 4.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/78291> for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
IBM InfoSphere Guardium 8.2 and earlier
REMEDIATION:
Apply the patch for password disclosure. - The patch is included within the latest GPU for each version.
As of August 24, 2012, the latest Guardium patches and GPU fixpacks for all versions are available through FixCentral.
REFERENCES:
ยท On-line Calculator V2
ยท X-Force Vulnerability Database
ยท CVE-2012-3312
RELATED INFORMATION:
ยท IBM Secure Engineering Web Portal
ยท IBM Product Security Incident Response Blog** **
[{โProductโ:{โcodeโ:โSSMPHHโ,โlabelโ:โIBM Security Guardiumโ},โBusiness Unitโ:{โcodeโ:โBU059โ,โlabelโ:โIBM Software w/o TPSโ},โComponentโ:โโโ,โPlatformโ:[{โcodeโ:โPF016โ,โlabelโ:โLinuxโ}],โVersionโ:โ8.2;8.0.1;8.0โ,โEditionโ:โโ,โLine of Businessโ:{โcodeโ:โLOB24โ,โlabelโ:โSecurity Softwareโ}}]