Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection vulnerability (CVE-2016-0236)

Summary IBM Security Guardium Database Activity Monitor could allow an authenticated attacker to injection commands into the search field that will be executed as root. Vulnerability Details CVEID: CVE-2016-0236 DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow an...

Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Guardium Database Activity Monitoring (CVE-2014-3566)

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Guardium Database Activity Monitoring, were disclosed as part of the IBM Java SDK updates in October 2014. The only fix applicable was for Padding Oracle On Downgraded Legacy...

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs)

Summary IBM Security Guardium Database Activity Monitor has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2017-3642 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server: Optimizer component could allow an authenticated attacker to cause a deni...

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Sensitive Information Leakage vulenrability (CVE-2017-1595)

Summary IBM Security Guardium Database Activity Monitor could allow a local attacker to obtain sensitive information via unspecified vectors. IBM Security Guardium Database Activity Monitor has provided a fix for this vulnerability. Vulnerability Details CVEID: CVE-2017-1595 DESCRIPTION: IBM...

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OpenSource LibXML2 and LibXML Vulnerability (CVE-2015-7942 CVE-2015-8241 CVE-2015-8242)

Summary libxml2 is vulnerable to a stack-based buffer overflow, denial of service and a buffer overflow Vulnerability Details CVEID: CVE-2015-8242 DESCRIPTION: libxml2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the HTML parser in push mode in...

Information disclosure

IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328...

IBM Security Guardium Database Activity Monitor Authorization Vulnerability

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. An authorization vulnerability exists in IBM Security Guardium Databas...

CVE-2018-1368

IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM...

IBM Security Guardium Database Activity Monitor SQL Injection Vulnerability

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A SQL injection vulnerability exists in IBM Security Guardium Database...

IBM Security Guardium Database Activity Monitor Local Command Injection Vulnerability (CNVD-2017-00060)

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A local command injection vulnerability exists in IBM Security Guardiu...

CVE-2016-0240

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...

CVE-2016-0240

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP...

CVE-2016-0236

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field...

IBM Security Guardium Database Activity Monitor Local Command Injection Vulnerability

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A local command injection vulnerability exists in IBM Security Guardiu...

IBM Security Guardium Database Activity Monitor SQL Injection Vulnerability

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A SQL injection vulnerability exists in IBM Security Guardium Database...

IBM Security Guardium Database Activity Monitor Directory Traversal Vulnerability

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A security vulnerability exists in IBM Security Guardium Database...

IBM Security Guardium Database Activity Monitor Information Disclosure Vulnerability (CNVD-2016-03906)

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A security vulnerability exists in IBM Security Guardium Database...