Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities


Summary

IBM Security Guardium has fixed these vulnerabilities.

Vulnerability Details

CVEID:   CVE-2018-1288
DESCRIPTION:   Apache Kafka could allow a remote authenticated attacker to bypass security restrictions. By using a manually created fetch request that interferes with data replication, an attacker could exploit this vulnerability to perform actions reserved for the broker.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/147455 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2017-12610
DESCRIPTION:   Apache Kafka could allow a remote authenticated attacker to bypass security restrictions. By using a specially crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication, an attacker could exploit this vulnerability to impersonate other users.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/147456 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2016-5007
DESCRIPTION:   Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanisms. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/126679 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2019-17195
DESCRIPTION:   Connect2id Nimbus JOSE+JWT is vulnerable to a denial of service, caused by the throwing of various uncaught exceptions while parsing a JWT. An attacker could exploit this vulnerability to crash the application or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169514 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:   CVE-2011-4969
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when handling the "location.hash" property. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/82875 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2012-6708
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery(strInput) function. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138055 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2015-9251
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2019-11358
DESCRIPTION:   jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159633 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2018-11798
DESCRIPTION:   Apache Thrift could allow a remote attacker to obtain sensitive information, caused by improper access control in the Node.js static file server. An attacker could send a specially crafted request to access arbitrary files stored outside the web server's configured docroot path.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155198 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2018-1320
DESCRIPTION:   Apache Thrift could allow a remote attacker to bypass security restrictions, caused by the disablement of an assert used to determine if the SASL handshake had successfully completed. An attacker could exploit this vulnerability to bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155199 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2018-11744
DESCRIPTION:   Cloudera Manager could allow a remote attacker to execute arbitrary code on the system, caused by improper access control by the ZooKeeper service. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code, obtain sensitive information or cause a denial of service condition.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163636 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2018-15913
DESCRIPTION:   Cloudera Manager could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using the returnUrl parameter to redirect a victim to arbitrary Web sites.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152662 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2018-1000180
DESCRIPTION:   Bouncy Castle could provide weaker than expected security, caused by an error in the low-level interface to the RSA key pair generator. RSA key pairs generated through the low-level API with added certainty may undergo fewer Miller-Rabin (M-R) primality tests than expected. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/144810 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2018-1000613
DESCRIPTION:   Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection flaw in XMSS/XMSS^MT private key deserialization. By using a specially crafted private key, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148041 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2019-11269
DESCRIPTION:   Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using redirect_uri parameter in a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162650 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID:   CVE-2019-3778
DESCRIPTION:   Spring Security OAuth could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in authorization endpoint. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158330 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID:   CVE-2007-2582
DESCRIPTION:   Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (3) a long packet that generates a "MemTree overflow."
CVSS Base score: 7
CVSS Vector:

CVEID:   CVE-2007-3676
DESCRIPTION:   The IBM DB2 Administration Server (DAS) server could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in db2dassrm. By sending a specially-crafted request to TCP port 523, a remote attacker could crash the service or execute arbitrary code with elevated privileges.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/40230 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID:   CVE-2007-5090
DESCRIPTION:   IBM Rational ClearQuest has an unspecified vulnerability which could allow a local attacker to manipulate data. An attacker could exploit this vulnerability to possibly launch further attacks on the vulnerable system.
CVSS Base score: 1.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/36771 for the current score.
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2007-5652
DESCRIPTION:   IBM DB2 is vulnerable to a denial of service caused by unspecified memory corruption errors in UDB authentication list handling. An attacker could exploit this vulnerability through unknown attack vectors to crash the authentication routine.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/37290 for the current score.
CVSS Vector: (AV:A/AC:M/Au:N/C:N/I:P/A:P)

CVEID:   CVE-2008-3958
DESCRIPTION:   IBM DB2 UDB is vulnerable to a denial of service, caused by an unspecified error when processing requests. By sending a specially-crafted CONNECT and ATTACH request that simulates a v7 client connect/attach request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/45133 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:   CVE-2008-3959
DESCRIPTION:   IBM DB2 UDB is vulnerable to a denial of service, caused by an unspecified error when processing requests. By sending a specially-crafted CONNECT and ATTACH request that simulates a v7 client connect/attach request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/45134 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:   CVE-2008-4691
DESCRIPTION:   An unspecified error in IBM DB2 related to the SQLNLS_UNPADDEDCHARLEN() function can cause a segmentation fault, resulting in a denial of service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46019 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:   CVE-2008-4692
DESCRIPTION:   An unspecified error in IBM DB2 related to the failure to drop views and triggers within the Native Managed Provider for .NET has an unknown impact and attack vector.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46021 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2008-4693
DESCRIPTION:   An unspecified vulnerability in IBM DB2 related to Sort/List services could allow a remote attacker to obtain password-related connection string keyword values and other sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/46022 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:   CVE-2009-1239
DESCRIPTION:   IBM DB2 could allow a remote attacker to obtain sensitive information, caused by the return of incorrect query results related to the order of application for an INNER JOIN predicate and an OUTER JOIN predicate. A remote attacker could exploit this vulnerability using a specially-crafted query to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/49864 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:   CVE-2009-1905
DESCRIPTION:   IBM DB2 could allow a remote attacker to bypass security restrictions, caused by an error when using LDAP-based authentication. An attacker could exploit this vulnerability to gain unauthorized access to the system.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/50909 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2009-2858
DESCRIPTION:   IBM DB2 is vulnerable to a denial of service, caused by a memory leak in the Security component. A remote attacker could exploit this vulnerability using attack vectors related to private memory within the DB2 memory structure to cause the system to consume all available memory resources.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/52682 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVEID:   CVE-2009-2859
DESCRIPTION:   IBM DB2 could allow a local attacker to gain elevated privileges on the system, caused by an unspecified error related to the DAS command. A local attacker could exploit this vulnerability to write to arbitrary files and gain root privileges on the system.
CVSS Base score: 6.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/52680 for the current score.
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID:   CVE-2009-2860
DESCRIPTION:   IBM DB2 is vulnerable to a denial of service, caused by an unspecified error in DB2JDS (JDBC Applet Server Service). By sending specially-crafted packets, a local attacker could exploit this vulnerability to cause the service to crash.
CVSS Base score: 1.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/52681 for the current score.
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P)

CVEID:   CVE-2010-1560
DESCRIPTION:   IBM DB2 is vulnerable to a denial of service, caused by a buffer overflow error by the REPEAT function. A remote authenticated attacker could exploit this vulnerability to overflow a buffer and cause the server to crash.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/58070 for the current score.
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID:   CVE-2011-0731
DESCRIPTION:   IBM DB2 is vulnerable to a buffer overflow, caused by improper bounds checking by the DAS (DB2 Administration Server). By sending specially-crafted requests, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/65007 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID:   CVE-2011-0757
DESCRIPTION:   IBM DB2 could allow a remote attacker to gain elevated privileges on the system, caused by an error while revoking DBADM privileges. An attacker could exploit this vulnerability to execute non-DDL statements and gain elevated privileges on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/65008 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID:   CVE-2011-1373
DESCRIPTION:   IBM DB2 running on UNIX platforms is vulnerable to a denial of service, caused by an error when STMM is enabled and DATABASE_MEMORY set to AUTOMATIC. A local attacker could exploit this vulnerability to cause DB2 to crash.
CVSS Base score: 1.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/71043 for the current score.
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)

CVEID:   CVE-2011-1846
DESCRIPTION:   IBM DB2 could allow a remote attacker to bypass security restrictions, caused by an error in the Relational Data Services component. An attacker could exploit this vulnerability to grant users privileges after their membership has been revoked.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/66980 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2011-1847
DESCRIPTION:   IBM DB2 could allow a remote attacker to bypass security restrictions, caused by an error in the Relational Data Services component. An attacker could exploit this vulnerability to update table statistics.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/66979 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2012-3324
DESCRIPTION:   IBM DB2, when running on Microsoft Windows, could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user-supplied input by routines within the UTL_FILE module. An attacker could exploit this vulnerability by using a specially crafted file name via a vulnerable application to view, modify, or delete arbitrary files on the system.
CVSS Base score: 8.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/77924 for the current score.
CVSS Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Affected Products and Versions

Affected Product(s)      Version(s)
IBM Security Guardium    11.0
IBM Security Guardium    11.1

Workarounds and Mitigations

None

References

Acknowledgement

Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Kamil Sarbinowski, Vince Dragnea, Troy Fisher and Elaheh Samani from IBM X-Force Ethical Hacking Team.

Change History

06 Oct 2020: Initial Publication
22 Oct 2020: Second Publication
13 Apr 2020: Third Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

Document Information

Modified date:
13 April 2021

UID

ibm16347588