Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD8535E734E3F548AB07B02CDF92FA67398F7AECF95E5C679590DDB4CBD927D88
HistorySep 28, 2018 - 4:30 a.m.

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerabilities

2018-09-2804:30:01
www.ibm.com
12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2015-8100 DESCRIPTION: OpenBSD could allow a local attacker to obtain sensitive information, caused by the use of 0644 permissions for snmpd.conf by the net-snmp package. By reading the file, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107941&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-5621 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105232&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2014-3565 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the “-OQ” option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95638&gt; for the current score

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 10.5

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FInfoSphere+Guardium&amp;fixids=SqlGuard_10.0p512_Sep-24-2018&amp;source=SAR&amp;function=fixId&amp;parent=IBM Security

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq10.5

Related

nessus 35
ibm 18
cloudfoundry 1
securityvulns 7
openvas 16
ubuntu 1
debiancve 3
osv 3
prion 3
cbl_mariner 1
ubuntucve 5
zdt 1
veracode 4
alpinelinux 1
f5 4
freebsd 2
oraclelinux 3
packetstorm 1
cve 3
amazon 1
gentoo 1
redhat 3
fedora 3
mageia 1
centos 3
ics 1
debian 2
archlinux 1
rosalinux 1
nessus
nessus
Ubuntu 14.04 LTS : Net-SNMP vulnerabilities (USN-2711-1)
2015-08-18 00:00:00
SUSE SLED12 / SLES12 Security Update : net-snmp (SUSE-SU-2015:1556-1)
2015-09-15 00:00:00
FreeBSD : net-snmp -- snmp_pdu_parse() function incomplete initialization (381183e8-3798-11e5-9970-14dae9d210b8)
2015-08-03 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Mobile (CVE-2014-3565, CVE-2015-5621)
2018-06-16 21:39:29
Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Web (CVE-2014-3565, CVE-2015-5621)
2018-06-16 21:38:59
Security Bulletin: Vulnerability in Net-SNMP affects PowerKVM (CVE-2015-5621)
2018-06-18 01:29:25
cloudfoundry
cloudfoundry
USN-2711-1 Net-SNMP Vulnerabilities | Cloud Foundry
2015-10-07 00:00:00
securityvulns
securityvulns
[USN-2711-1] Net-SNMP vulnerabilities
2015-08-24 00:00:00
Net-SNMP memory corruption
2015-08-24 00:00:00
[ MDVSA-2014:184 ] net-snmp
2014-09-29 00:00:00
openvas
openvas
Ubuntu Update for net-snmp USN-2711-1
2015-08-18 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-590)
2015-09-08 00:00:00
RedHat Update for net-snmp RHSA-2015:1636-01
2015-08-18 00:00:00
ubuntu
ubuntu
Net-SNMP vulnerabilities
2015-08-17 00:00:00
debiancve
debiancve
CVE-2015-8100
2015-11-10 03:59:00
CVE-2015-5621
2015-08-19 15:59:00
CVE-2014-3565
2014-10-07 14:55:00
osv
osv
CVE-2015-8100
2015-11-10 03:59:00
net-snmp - security update
2018-03-26 00:00:00
net-snmp - security update
2018-03-28 00:00:00
prion
prion
Design/Logic Flaw
2015-11-10 03:59:00
Design/Logic Flaw
2015-08-19 15:59:00
Design/Logic Flaw
2014-10-07 14:55:00
cbl_mariner
cbl_mariner
CVE-2015-8100 affecting package net-snmp 5.8-4
2021-04-06 23:50:12
ubuntucve
ubuntucve
CVE-2015-5621
2015-07-31 00:00:00
CVE-2015-8100
2015-11-10 00:00:00
CVE-2014-3565
2014-10-07 00:00:00
zdt
zdt
OpenBSD net-snmp Information Disclosure Vulnerability
2015-11-14 00:00:00
veracode
veracode
Information Disclosure
2023-01-19 21:06:45
Denial Of Service (DoS)
2019-01-15 09:07:07
Denial Of Service (DoS)
2019-01-15 09:06:52
alpinelinux
alpinelinux
CVE-2015-8100
2015-11-10 03:59:00
f5
f5
K17378 : SNMP vulnerability CVE-2015-5621
2015-10-08 00:00:00
SOL17378 - SNMP vulnerability CVE-2015-5621
2015-10-07 00:00:00
K17315 : SNMP vulnerability CVE-2014-3565
2015-09-29 00:00:00
freebsd
freebsd
net-snmp -- snmp_pdu_parse() function incomplete initialization
2015-04-11 00:00:00
net-snmp -- snmptrapd crash
2014-07-31 00:00:00
oraclelinux
oraclelinux
net-snmp security update
2015-08-17 00:00:00
net-snmp security and bug fix update
2015-11-23 00:00:00
net-snmp security and bug fix update
2015-07-28 00:00:00
packetstorm
packetstorm
OpenBSD net-snmp Information Disclosure
2015-11-13 00:00:00
cve
cve
CVE-2015-8100
2015-11-10 03:59:00
CVE-2015-5621
2015-08-19 15:59:00
CVE-2014-3565
2014-10-07 14:55:00
amazon
amazon
Medium: net-snmp
2015-09-02 12:00:00
gentoo
gentoo
SNMP: Denial of service
2015-07-10 00:00:00
redhat
redhat
(RHSA-2015:2345) Moderate: net-snmp security and bug fix update
2015-11-19 13:36:48
(RHSA-2015:1385) Moderate: net-snmp security and bug fix update
2015-07-22 00:00:00
(RHSA-2015:1636) Moderate: net-snmp security update
2015-08-17 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: net-snmp-5.7.2-18.fc20
2014-09-09 22:10:31
[SECURITY] Fedora 19 Update: net-snmp-5.7.2-15.fc19
2014-09-10 13:27:10
[SECURITY] Fedora 21 Update: net-snmp-5.7.2-23.fc21
2014-09-23 05:00:09
mageia
mageia
Updated net-snmp packages fix CVE-2014-3565
2014-09-05 13:07:37
centos
centos
net security update
2015-07-26 14:12:35
net security update
2015-11-30 19:45:16
net security update
2015-08-17 16:22:33
ics
ics
Siemens Industrial Products SNMP (Update F)
2022-04-14 12:00:00
debian
debian
[SECURITY] [DSA 4154-1] net-snmp security update
2018-03-28 09:21:30
[SECURITY] [DSA 4154-1] net-snmp security update
2018-03-28 09:21:30
archlinux
archlinux
[ASA-201810-11] net-snmp: multiple issues
2018-10-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1929
2021-07-02 17:32:57

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for D8535E734E3F548AB07B02CDF92FA67398F7AECF95E5C679590DDB4CBD927D88
nessus35ibm18cloudfoundry1securityvulns7openvas16ubuntu1debiancve3osv3prion3cbl_mariner1ubuntucve5zdt1veracode4alpinelinux1f54freebsd2oraclelinux3packetstorm1cve3amazon1gentoo1redhat3fedora3mageia1centos3ics1debian2archlinux1rosalinux1