Security restrictions bypass in IBM Security Guardium

Published: 2018-02-09 11:29:26
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-1368
CVSSv3: 4.5 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE ID: CWE-264
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: IBM Security Guardium
Vulnerable software versions: IBM Security Guardium 9.5, IBM Security Guardium 9.1, IBM Security Guardium 9.0
Vendor URL: IBM Corporation

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists in the spam quarantine due to a lack of verification of authenticated user accounts. A remote attacker can view report pages and perform some actions that only an admin should be able to perform.

Remediation

Install the update from the vendor's website.

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22013302
