IBM Support

Multiple SQL injection security vulnerabilities in InfoSphere Guardium (CVE-2012-3336)

Flashes (Alerts)


Abstract

Multiple vulnerabilities in several files allow remote attackers to inject arbitrary web script or HTML.

Content

VULNERABILITY DETAILS:
CVE ID: CVE-2012-3336

DESCRIPTION:
Multiple SQL injection vulnerabilities in several files allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Note that at least one of these SQL injections can be performed by low-privileged users.

CVSS:
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78282 for the current score
CVSS Environmental Score*: Undefined

AFFECTED PLATFORMS:
IBM InfoSphere Guardium 8.2 and earlier

REMEDIATION:
Apply the patch for password disclosure, which is included in the latest GPU for all versions.

As of August 24, 2012, the latest Guardium patches and GPU fixpacks for all versions are available through FixCentral.

REFERENCES:
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2012-3312

RELATED INFORMATION:
· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog


Document Information

Modified date: 16 June 2018

UID: swg21611130