IBM Support

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift

Security Bulletin


Summary

IBM Security Guardium has fixed these vulnerabilities by updating the Apache Thrift component.

Vulnerability Details

CVEID:   CVE-2016-5397
DESCRIPTION:   Apache Thrift could allow a remote attacker to execute arbitrary commands on the system, caused by the use of an external formatting tool during code generation in the Go client library. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/139426 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2018-11798
DESCRIPTION:   Apache Thrift could allow a remote attacker to obtain sensitive information, caused by improper access control in the Node.js static file server. An attacker could send a specially crafted request to access arbitrary files that are stored outside the set webservers docroot path.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155198 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2018-1320
DESCRIPTION:   Apache Thrift could allow a remote attacker to bypass security restrictions, caused by the disablement of an assert used to determine if the SASL handshake had successfully completed. An attacker could exploit this vulnerability to bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155199 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2019-0205
DESCRIPTION:   Apache Thrift is vulnerable to a denial of service, caused by an error when processing untrusted Thrift payload. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169460 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2019-0210
DESCRIPTION:   Apache Thrift is vulnerable to a denial of service, caused by an out-of-bounds read in a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol. A remote attacker could exploit this vulnerability to cause the application to panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169459 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-13949
DESCRIPTION:   Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploit this vulnerability to cause a large memory allocation.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196738 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Security Guardium10.5
IBM Security Guardium10.6
IBM Security Guardium11.0
IBM Security Guardium11.1
IBM Security Guardium11.2
IBM Security Guardium11.3
IBM Security Guardium11.4

Remediation/Fixes

IBM strongly recommends addressing these vulnerabilities now by updating your systems.

 ProductVersions Fix
IBM Security Guardium10.5http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p550_Bundle_Mar-27-2022&includeSupersedes=0&source=fc
IBM Security Guardium10.6http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p692_Bundle_May-12-2022&includeSupersedes=0&source=fc
IBM Security Guardium11.0http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p45_Bundle_May-03-2022&includeSupersedes=0&source=fc
IBM Security Guardium11.1http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p160_Bundle_Mar-23-2022&includeSupersedes=0&source=fc
IBM Security Guardium11.2http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p270_Bundle_Feb-24-2022&includeSupersedes=0&source=fc
IBM Security Guardium11.3http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p360_Bundle_Mar-24-2022&includeSupersedes=0&source=fc
IBM Security Guardium11.4http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p440_Bundle_Jun-03-2022&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, and Ben Goodspeed from the IBM X-Force Ethical Hacking Team.

Change History

15 Mar 2022: Initial Publication
14 April 2022: Second Publication
12 May 2022: Third Publication
27 May 2022: Fourth Publication
18 June 2022: Fifth Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.5, 10.6, 11.0, 11.1, 11.2, 11.3, 11.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
20 June 2022

UID

ibm16572497

Page Feedback