Lucene search

IBMC67FE81EF3332A5D1A8FF48C943DCC3BE0B085797B85F79E63965426763321D9

HistorySep 19, 2023 - 8:04 p.m.

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-30435, CVE-2023-30436, CVE-2023-30437)

2023-09-1920:04:15

www.ibm.com

ibm security guardium

cross-site scripting

stored cross-site scripting

vulnerabilities

cve-2023-30435

cve-2023-30436

cve-2023-30437

11.3

11.4

11.5

remediation

update

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

13.1%

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID:CVE-2023-30437
**DESCRIPTION:**IBM Security Guardium could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252293 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-30436
**DESCRIPTION:**IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252292 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L)

CVEID:CVE-2023-30435
**DESCRIPTION:**IBM Security Guardium is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 8.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252291 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Guardium	11.3
IBM Security Guardium	11.4
IBM Security Guardium	11.5

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product	Versions	Fix
IBM Security Guardium	11.3	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p387_Security-Fix&includeSupersedes=0&source=fc
IBM Security Guardium	11.4	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p475_Bundle_Jul-20-2023&includeSupersedes=0&source=fc
IBM Security Guardium	11.5	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p530_Bundle_Aug-29-2023&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsecurity_guardiumMatch11.3

ibmsecurity_guardiumMatch11.4

ibmsecurity_guardiumMatch11.5

CPENameOperatorVersion
ibm security guardiumeq11.3
ibm security guardiumeq11.4
ibm security guardiumeq11.5

Name	Operator	Version
ibm security guardium	eq	11.3
ibm security guardium	eq	11.4
ibm security guardium	eq	11.5

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

13.1%

JSON

Related for C67FE81EF3332A5D1A8FF48C943DCC3BE0B085797B85F79E63965426763321D9