Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDAF6551F01C268FBD54CB55E1C29D471E38C7D22707113CE16DE9C6019835D61
HistoryApr 04, 2023 - 4:23 p.m.

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2021-3715)

2023-04-0416:23:37
www.ibm.com
24

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Summary

IBM Security Guardium has fixed this vulnerability.

Vulnerability Details

CVEID:CVE-2021-3715
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208836 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.3
IBM Security Guardium 11.4

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 11.3

IBM Security Guardium| 11.4| | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p470_Bundle_Mar-22-2023&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Related

nessus 54
redhat 15
debiancve 1
ubuntucve 1
oraclelinux 2
veracode 1
ibm 6
prion 1
cve 1
redhatcve 1
f5 1
centos 1
ubuntu 1
suse 6
nessus
nessus
RHEL 7 : kernel-rt (RHSA-2021:3439)
2021-09-07 00:00:00
RHEL 7 : kpatch-patch (RHSA-2021:3441)
2021-09-07 00:00:00
RHEL 7 : kernel (RHSA-2021:3438)
2021-09-07 00:00:00
redhat
redhat
(RHSA-2021:3438) Moderate: kernel security and bug fix update
2021-09-07 14:01:22
(RHSA-2021:3441) Moderate: kpatch-patch security update
2021-09-07 14:23:03
(RHSA-2021:3439) Moderate: kernel-rt security and bug fix update
2021-09-07 14:07:48
debiancve
debiancve
CVE-2021-3715
2022-03-02 23:15:00
ubuntucve
ubuntucve
CVE-2021-3715
2022-03-02 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2021-09-07 00:00:00
Unbreakable Enterprise kernel security update
2021-09-22 00:00:00
veracode
veracode
Privilege Escalation
2021-09-09 16:22:24
ibm
ibm
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
2021-12-13 05:37:01
Security Bulletin: Linux Kernel vulnerability may affect IBM Spectrum Protect Plus (CVE-2021-3715)
2022-01-28 01:26:26
Security Bulletin: Vulnerabilities in PostgreSQL, Apache, Golang Go, and Linux Kernel affect IBM Spectrum Copy Data Management
2021-12-10 23:51:51
prion
prion
Design/Logic Flaw
2022-03-02 23:15:00
cve
cve
CVE-2021-3715
2022-03-02 23:15:00
redhatcve
redhatcve
CVE-2021-3715
2021-09-07 08:38:09
f5
f5
K03674368 : Linux kernel vulnerability CVE-2021-3715
2022-03-28 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2021-09-27 14:14:52
ubuntu
ubuntu
Kernel Live Patch Security Notice
2021-11-11 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2021-11-11 00:00:00
Security update for the Linux Kernel (important)
2021-11-09 00:00:00
Security update for the Linux Kernel (important)
2021-11-15 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for DAF6551F01C268FBD54CB55E1C29D471E38C7D22707113CE16DE9C6019835D61
nessus54redhat15debiancve1ubuntucve1oraclelinux2veracode1ibm6prion1cve1redhatcve1f51centos1ubuntu1suse6