IBM Security Guardium has fixed these vulnerabilities
CVEID: CVE-2018-8909
**DESCRIPTION:** Wire App for Android could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) in a filename of a received file, related to AssetService.scala, to write to pathnames outside of the downloads directory.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140624 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
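The following added example (not code from Wire or IBM) shows one defensive way to handle the filename of a received file so that a write cannot leave the downloads directory. The function names and the policy of keeping only the last path component are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafeFilename(ValueError):
    """The received filename cannot be stored inside the downloads directory."""


def resolve_download_path(downloads_dir, received_name):
    """Map a sender-supplied filename to a path directly inside downloads_dir."""
    base = Path(downloads_dir).resolve()
    # Treat "\" and "/" alike, then keep only the final path component.
    leaf = received_name.replace("\\", "/").rsplit("/", 1)[-1]
    if leaf in ("", ".", "..") or "\x00" in leaf:
        raise UnsafeFilename(received_name)
    # Resolve symlinks and re-check containment: a link already present in
    # the directory must not redirect the write elsewhere.
    candidate = (base / leaf).resolve()
    if candidate.parent != base:
        raise UnsafeFilename(received_name)
    return candidate


def save_received_file(downloads_dir, received_name, data):
    """Write data under downloads_dir; never overwrite, never follow a link."""
    target = resolve_download_path(downloads_dir, received_name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp, "downloads")
        downloads.mkdir()
        for name in ("report.pdf", "../../outside.txt", "..", "a/b/"):
            try:
                print(repr(name), "->", save_received_file(downloads, name, b"demo"))
            except UnsafeFilename:
                print(repr(name), "-> rejected")
```

The containment check runs after symlink resolution, and `O_EXCL` makes a second write to the same name fail instead of replacing an existing file.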
CVEID: CVE-2021-41100
**DESCRIPTION:** Wire wire-server could allow a remote attacker to bypass security restrictions, caused by improper session management for the short-lived token. By changing the email address, an attacker could exploit this vulnerability to take over the user account.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210610 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-41119
**DESCRIPTION:** Wire-server is vulnerable to a denial of service, caused by a hash collision. By using a specially crafted object, a remote attacker could exploit this vulnerability to cause a heavy load to the server, resulting in a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224852 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Security Guardium | 11.5 |
IBM encourages customers to update their systems promptly.
Product | Versions | **Fix** |
---|---|---|
IBM Security Guardium | 11.5 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium | eq | 11.5 |