Multiple vulnerabilities in IBM Security Guardium



Published: 2022-04-21
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2021-38153
CVE-2021-3712
CVE-2021-23222
CVE-2021-3677
CWE-ID CWE-208
CWE-125
CWE-311
CWE-401
Exploitation vector Network
Public exploit N/A
Vulnerable software
IBM Security Guardium
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Information Exposure Through Timing Discrepancy

EUVDB-ID: #VU56790

Risk: Low

CVE-ID: CVE-2021-38153

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to brute-force access credentials.

The vulnerability exists because some components in Apache Kafka use "Arrays.equals" to validate a password or key. "Arrays.equals" stops at the first mismatching byte, so the time a broker takes to reject a guess depends on how many leading bytes of the guess were correct. An attacker who can submit repeated authentication attempts over the network can use that difference as an oracle and brute-force the credential one byte at a time instead of searching the whole key space.
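
To make the timing discrepancy concrete, the C program below is an added example written for this page; it is not code from Apache Kafka or from IBM. It models an early-exit comparison (the behaviour of "Arrays.equals") next to a constant-time one, and instruments both with a step counter that stands in for the response latency an attacker would measure. A small attacker routine then uses only that counter to recover a constructed sample credential byte by byte: it succeeds against the early-exit comparison and recovers nothing against the constant-time one. The sample secret, the assumption that its length is known, and all function names are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*compare_fn)(const uint8_t *, size_t, const uint8_t *, size_t, size_t *);

/* Early-exit comparison in the style of Arrays.equals(): returns at the first
 * mismatching byte. 'steps' counts the bytes examined and stands in for the
 * response latency an attacker would measure over the network. */
int equals_early_exit(const uint8_t *expected, size_t elen,
                      const uint8_t *supplied, size_t slen, size_t *steps)
{
    size_t i;
    *steps = 0;
    if (elen != slen)
        return 0;
    for (i = 0; i < elen; i++) {
        (*steps)++;
        if (expected[i] != supplied[i])
            return 0;               /* work done depends on mismatch position */
    }
    return 1;
}

/* Constant-time comparison (the idea behind OpenSSL's CRYPTO_memcmp or Java's
 * MessageDigest.isEqual): every byte of the expected value is always visited and
 * differences are OR-ed into an accumulator, so the work done never reveals
 * where, or whether, the inputs differ. */
int equals_constant_time(const uint8_t *expected, size_t elen,
                         const uint8_t *supplied, size_t slen, size_t *steps)
{
    size_t i;
    uint8_t diff = (uint8_t)(elen != slen);
    *steps = 0;
    for (i = 0; i < elen; i++) {
        /* index wraps so a short supplied value never reads out of bounds */
        uint8_t s = slen ? supplied[i % slen] : 0;
        diff |= (uint8_t)(expected[i] ^ s);
        (*steps)++;
    }
    return diff == 0;
}

/* Attacker model: recover the secret one byte at a time using only the side
 * channel. A candidate is right when the comparison does more work than a
 * mismatch at this position would cost, or reports equality on the last byte.
 * Gives up as soon as the channel fails to single out exactly one candidate. */
size_t recover_by_timing(compare_fn cmp, const uint8_t *secret, size_t len,
                         uint8_t *out)
{
    size_t pos, steps;
    int c;
    memset(out, 0, len);
    for (pos = 0; pos < len; pos++) {
        int hits = 0, hit = 0;
        for (c = 0; c < 256; c++) {
            out[pos] = (uint8_t)c;
            if (cmp(secret, len, out, len, &steps) || steps > pos + 1) {
                hits++;
                hit = c;
            }
        }
        if (hits != 1)
            return pos;             /* side channel did not discriminate */
        out[pos] = (uint8_t)hit;
    }
    return len;
}

/* Constructed sample credential; its length is assumed known to the attacker. */
static const uint8_t DEMO_SECRET[] = "correct-horse";
#define DEMO_LEN (sizeof(DEMO_SECRET) - 1)

/* Bytes examined when a guess differs from the secret only at byte 'pos'. */
size_t steps_for_mismatch_at(compare_fn cmp, size_t pos)
{
    uint8_t guess[DEMO_LEN];
    size_t steps;
    memcpy(guess, DEMO_SECRET, DEMO_LEN);
    guess[pos] ^= 0xff;
    cmp(DEMO_SECRET, DEMO_LEN, guess, DEMO_LEN, &steps);
    return steps;
}

/* Bytes the attacker recovers against 'cmp'; 0 if what it recovered is wrong. */
size_t bytes_recovered(compare_fn cmp)
{
    uint8_t out[DEMO_LEN];
    size_t n = recover_by_timing(cmp, DEMO_SECRET, DEMO_LEN, out);
    return memcmp(out, DEMO_SECRET, n) == 0 ? n : 0;
}

int main(void)
{
    printf("early-exit steps: mismatch at byte 0 -> %zu, at last byte -> %zu\n",
           steps_for_mismatch_at(equals_early_exit, 0), steps_for_mismatch_at(equals_early_exit, DEMO_LEN - 1));
    printf("bytes recovered: early-exit %zu, constant-time %zu\n", bytes_recovered(equals_early_exit), bytes_recovered(equals_constant_time));
    return 0;
}
```

Build with any C99 compiler (for example `cc -std=c99 timing.c`). In a real deployment the per-byte difference is nanoseconds, so the attacker needs many samples and statistical filtering rather than a single probe, but the ranking of candidates is the one the step counter shows; the fix is to validate credentials with a comparison whose running time does not depend on the contents of its inputs.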

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 11.3


External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-14/
http://www.ibm.com/support/pages/node/6572989

2) Out-of-bounds read

EUVDB-ID: #VU56064

Risk: Medium

CVE-ID: CVE-2021-3712

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing ASN.1 strings. ASN.1 strings carry an explicit length and are not guaranteed to be NUL-terminated, but several OpenSSL functions treat the string buffer as a NUL-terminated C string and read past its end until they find a zero byte. A remote attacker can pass specially crafted data (for example a certificate whose name fields carry no trailing NUL) to the application to trigger an out-of-bounds read and read contents of memory on the system or perform a denial of service (DoS) attack.
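
As an added illustration that is not OpenSSL's or IBM's code, the C program below models the NUL-termination confusion behind this class of bug. `asn1_string_t` stands in for OpenSSL's ASN1_STRING (an explicit length plus a data pointer); the "vulnerable" converter trusts a NUL terminator that DER-decoded data does not promise, while the "fixed" one is bounded by the length field. The sample field and the bytes that follow it are constructed, and placed in one array, so that the overread is deterministic rather than dependent on heap layout.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal model of OpenSSL's ASN1_STRING: an explicit length plus a data
 * pointer. The data is NOT guaranteed to end in a NUL byte. */
typedef struct {
    int length;
    unsigned char *data;
} asn1_string_t;

/* Vulnerable pattern: assumes a terminating NUL and uses a C string function,
 * so it keeps reading past 'length' until it happens to find a zero byte.
 * Returns the number of bytes copied into 'out'. */
size_t to_cstring_vulnerable(const asn1_string_t *s, char *out, size_t outsz)
{
    size_t n = strlen((const char *)s->data);   /* overread if no NUL in range */
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
    return n;
}

/* Fixed pattern: bounded by the explicit length, never by a search for NUL. */
size_t to_cstring_fixed(const asn1_string_t *s, char *out, size_t outsz)
{
    size_t n = s->length < 0 ? 0 : (size_t)s->length;
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
    return n;
}

/* Constructed sample: a 5-byte name field "Alice" immediately followed, in the
 * same allocation, by unrelated data ("SECRET"), as a DER-decoded string with
 * no trailing NUL is followed in memory by whatever the parser stored next.
 * In a real process those extra bytes are whatever happens to be adjacent. */
static unsigned char backing[] = "AliceSECRET";
static const asn1_string_t sample = { 5, backing };

size_t vulnerable_copy_len(void)
{
    char out[32];
    return to_cstring_vulnerable(&sample, out, sizeof out);
}

size_t fixed_copy_len(void)
{
    char out[32];
    return to_cstring_fixed(&sample, out, sizeof out);
}

/* 1 if the converted string exposes bytes beyond the field's length. */
int vulnerable_leaks_adjacent(void)
{
    char out[32];
    to_cstring_vulnerable(&sample, out, sizeof out);
    return strstr(out, "SECRET") != NULL;
}

int fixed_leaks_adjacent(void)
{
    char out[32];
    to_cstring_fixed(&sample, out, sizeof out);
    return strstr(out, "SECRET") != NULL;
}

int main(void)
{
    char out[32];
    to_cstring_vulnerable(&sample, out, sizeof out);
    printf("vulnerable: %zu bytes -> \"%s\"\n", vulnerable_copy_len(), out);
    to_cstring_fixed(&sample, out, sizeof out);
    printf("fixed:      %zu bytes -> \"%s\"\n", fixed_copy_len(), out);
    return 0;
}
```

The same confusion runs the other way: a field whose length covers an embedded NUL byte is silently truncated by C string functions. That is why the durable fix is to carry the length together with the data through every consumer rather than to add NUL terminators at the points where a crash was observed.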

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 11.3


External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-14/
http://www.ibm.com/support/pages/node/6572989

3) Missing Encryption of Sensitive Data

EUVDB-ID: #VU58114

Risk: Medium

CVE-ID: CVE-2021-23222

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to the way libpq, the PostgreSQL client library, handles the start of an encrypted connection. The server answers the client's SSL request with a single byte before TLS begins, and libpq did not reject extra cleartext bytes received together with that byte, so a man-in-the-middle attacker who can inject data into the TCP stream can prepend forged server messages to the supposedly encrypted session. The attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption, and can exfiltrate the client's password or other confidential data that might be transmitted early in a session.
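
The negotiation step this vulnerability turns on, as an added example rather than libpq's or IBM's code: the C program below builds the SSLRequest packet, consumes the server's one-byte answer, and compares a client that leaves any extra bytes in its receive buffer (the pre-fix behaviour) with one that aborts when anything follows that byte (the behaviour of the fix). TLS only starts after the answer byte, so anything the attacker appends to it arrives in cleartext but, in the vulnerable client, is read as if it had come through the encrypted channel. The forged AuthenticationOk message appended by the attacker, the buffer layout and the function names are constructed for the example; the SSLRequest layout and the 'S'/'N' answer are from the PostgreSQL protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PostgreSQL frontend/backend protocol: the client opens with an 8-byte
 * SSLRequest (int32 length 8, int32 code 80877103) and the server answers
 * with a single byte, 'S' (continue with TLS) or 'N' (no TLS available). */
#define SSLREQUEST_LEN  8
#define SSLREQUEST_CODE 80877103u

/* NEG_EXTRA_DATA exists only in the fixed client: cleartext followed the answer. */
enum negotiation { NEG_SSL_ACCEPTED, NEG_SSL_REFUSED, NEG_PROTOCOL_ERROR, NEG_EXTRA_DATA };

/* Client receive buffer. Whatever sits between pos and len after the negotiation
 * step is what a pre-fix client carries forward as the first "encrypted" messages. */
struct client_buf { uint8_t data[64]; size_t len, pos; };

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

size_t build_ssl_request(uint8_t out[SSLREQUEST_LEN])
{
    put_be32(out, SSLREQUEST_LEN);
    put_be32(out + 4, SSLREQUEST_CODE);
    return SSLREQUEST_LEN;
}

/* Consume the server's one-byte answer. strict == 0 models the vulnerable
 * behaviour: trailing bytes stay in the buffer and are parsed as server messages
 * once TLS is (believed to be) up. strict == 1 models the fix: any trailing
 * byte aborts the connection before TLS even starts. */
enum negotiation handle_ssl_response(struct client_buf *cb, int strict)
{
    uint8_t answer;
    if (cb->pos >= cb->len)
        return NEG_PROTOCOL_ERROR;
    answer = cb->data[cb->pos++];
    if (answer != 'S' && answer != 'N')
        return NEG_PROTOCOL_ERROR;
    if (strict && cb->pos != cb->len)
        return NEG_EXTRA_DATA;
    return answer == 'S' ? NEG_SSL_ACCEPTED : NEG_SSL_REFUSED;
}

/* Fill the buffer with either a clean 'S' or a constructed man-in-the-middle
 * delivery: the genuine 'S' followed in cleartext by a forged AuthenticationOk
 * message ('R', int32 length 8, int32 code 0). */
static void receive(struct client_buf *cb, int injected)
{
    cb->pos = 0;
    cb->data[0] = 'S';
    cb->len = 1;
    if (injected) {
        cb->data[cb->len++] = 'R';
        put_be32(cb->data + cb->len, 8); cb->len += 4;
        put_be32(cb->data + cb->len, 0); cb->len += 4;
    }
}

static struct client_buf vulnerable_after_injection(void)
{
    struct client_buf cb = { {0}, 0, 0 };
    receive(&cb, 1);
    handle_ssl_response(&cb, 0);
    return cb;
}

/* Cleartext bytes the vulnerable client treats as part of the session. */
size_t vulnerable_carryover_bytes(void)
{
    struct client_buf cb = vulnerable_after_injection();
    return cb.len - cb.pos;
}

/* Type byte of the first message the vulnerable client would parse: the forged 'R'. */
int vulnerable_first_message_type(void)
{
    struct client_buf cb = vulnerable_after_injection();
    return cb.data[cb.pos];
}

enum negotiation fixed_result(int injected)
{
    struct client_buf cb = { {0}, 0, 0 };
    receive(&cb, injected);
    return handle_ssl_response(&cb, 1);
}

int ssl_request_is_well_formed(void)
{
    static const uint8_t expected[SSLREQUEST_LEN] = { 0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F };
    uint8_t pkt[SSLREQUEST_LEN];
    return build_ssl_request(pkt) == SSLREQUEST_LEN && memcmp(pkt, expected, SSLREQUEST_LEN) == 0;
}

int main(void)
{
    printf("vulnerable client: %zu injected bytes carried over, first message type '%c'\n",
           vulnerable_carryover_bytes(), vulnerable_first_message_type());
    printf("fixed client: injected %s, clean %s\n",
           fixed_result(1) == NEG_EXTRA_DATA ? "rejected" : "accepted",
           fixed_result(0) == NEG_SSL_ACCEPTED ? "accepted" : "rejected");
    return 0;
}
```

Build with any C99 compiler (for example `cc -std=c99 sslreq.c && ./a.out`). The check the fix adds is cheap because the protocol guarantees a one-byte answer: a well-behaved server has nothing to send until the TLS handshake completes (or, after 'N', until the client sends its startup message), so any byte already sitting in the buffer can only have come from someone else on the path.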

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 11.3


External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-14/
http://www.ibm.com/support/pages/node/6572989

4) Memory leak

EUVDB-ID: #VU59043

Risk: Low

CVE-ID: CVE-2021-3677

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote user to perform a DoS attack or gain access to sensitive information.

The vulnerability exists due to a memory leak during parallel sort operations. A remote authenticated database user can send a specially crafted query to force the application to leak memory and perform a denial of service attack, or to read arbitrary parts of server memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 11.3


External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-14/
http://www.ibm.com/support/pages/node/6572989
