Sep 25, 2022 - 10:31 p.m.

Security Bulletin: Unspecified vulnerability in InfoSphere Guardium allows remote unauthenticated attackers to create unprivileged user accounts (CVE-2012-3338)

2022-09-25 22:31:03
www.ibm.com
infosphere guardium
vulnerability
unauthenticated attackers
user accounts
cve-2012-3338
ibm
patch
password disclosure

EPSS: 0.002 (Low), percentile 59.7%

Abstract

Unspecified vulnerability in InfoSphere Guardium allows remote unauthenticated attackers to create unprivileged user accounts.

Content

VULNERABILITY DETAILS:
CVE ID: CVE-2012-3338

DESCRIPTION:
An attacker can log in to the InfoSphere Guardium User Interface with a known username and password that the attacker has created.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/78286> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

AFFECTED PLATFORMS:
IBM InfoSphere Guardium 8.2 and earlier

REMEDIATION:
Apply the patch for password disclosure.

As of August 24, 2012, the latest Guardium patches and GPU fixpacks for all versions are available through FixCentral.

Using version 8.2 with CSRF filtering enabled prevents this exploit. Versions 8.0 and 8.01 are not capable of CSRF filtering, so users are encouraged to update to 8.2.
See the version 8.2 release notes for information on enabling CSRF protection.

To confirm that CSRF filtering is enabled in version 8.2, run the following command in the CLI:
show gui csrf_status

If the result is "Disabled", then execute the following command to enable CSRF filtering:
store gui csrf_status on

WORKAROUND:
None known; apply fixes

REFERENCES:
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2012-3312

RELATED INFORMATION:
· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog
