Relative path traversal vulnerability in InfoSphere Guardium allows remote unauthenticated attackers to download arbitrary files via unspecified vectors.
VULNERABILITY DETAILS:
CVE ID: CVE-2012-3337
DESCRIPTION:
Multiple SQL injection vulnerabilities in several files allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Note that at least one of these SQL injections can be performed by low-privileged users. A hacked GIM Server allows download of any file in the system.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/78284> for the current score
CVSS Environmental Score*: Undefined
AFFECTED PLATFORMS:
IBM InfoSphere Guardium 8.2 and earlier
REMEDIATION:
Apply the patch for password disclosure, which is included in the latest GPU for each version.
As of August 24, 2012, the latest Guardium patches and GPU fixpacks for all versions are available through FixCentral.
REFERENCES:
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2012-3312
RELATED INFORMATION:
· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog