Lucene search

IBMAF9DB0439D110F652A027B6F18E95DF66F97E9C31482C2B607F9689B0C161D83

HistoryMay 03, 2019 - 9:30 p.m.

Security Bulletin: IBM Security Guardium is affected by a Java vulnerability

2019-05-0321:30:02

www.ibm.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Summary

IBM Security Guardium has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2018-13785
DESCRIPTION: libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected IBM Security Guardium

Affected Versions

—|—
IBM Security Guardium | 9.0 -9.5
IBM Security Guardium | 10.0 - 10.6

Remediation/Fixes

Product

VRMF

Remediation / First Fix

—|—|—
IBM Security Guardium | 9.0 - 9.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=9.0&platform=All&function=fixId&fixids=SqlGuard_9.0p775_CombinedFixPackForGPU750_64-bit&includeSupersedes=0&source=fc
IBM Security Guardium | 10.0 - 10.6 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p620_Bundle_Apr-25-2019&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq9.0
ibm security guardiumeq9.5
ibm security guardiumeq10.0
ibm security guardiumeq10.6

Name	Operator	Version
ibm security guardium	eq	9.0
ibm security guardium	eq	9.5
ibm security guardium	eq	10.0
ibm security guardium	eq	10.6

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for AF9DB0439D110F652A027B6F18E95DF66F97E9C31482C2B607F9689B0C161D83