Multiple vulnerabilities in IBM Security Guardium Insights
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2021-3538 CVE-2021-33502 CVE-2021-3450 CVE-2021-3449 |
| CWE-ID | CWE-338 CWE-185 CWE-254 CWE-476 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software Subscribe |
IBM Security Guardium Insights Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
EUVDB-ID: #VU67560
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3538
CWE-ID:
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in github.com/satori/go.uuid due to insecure randomness in the g.rand.Read() function. A remote attacker can trigger trigger the vulnerability to execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium Insights: 3.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-cve-2021-3538-cve-2021-33502-cve-2021-3450-cve-2021-3449/
http://www.ibm.com/support/pages/node/6491127
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Incorrect Regular Expression
EUVDB-ID: #VU63698
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33502
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to exponential performance for data. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Security Guardium Insights: 3.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-cve-2021-3538-cve-2021-33502-cve-2021-3450-cve-2021-3449/
http://www.ibm.com/support/pages/node/6491127
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security features bypass
EUVDB-ID: #VU51732
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3450
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in implementation of the X509_V_FLAG_X509_STRICT flag allows an attacker to overwrite a valid CA certificate using any non-CA certificate in the chain. As a result, a remote attacker can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsIBM Security Guardium Insights: 3.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-cve-2021-3538-cve-2021-33502-cve-2021-3450-cve-2021-3449/
http://www.ibm.com/support/pages/node/6491127
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU51733
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-3449
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing TLSv1.2 renegotiations. A remote attacker can send a maliciously crafted renegotiation ClientHello message, which omits the signature_algorithms extension but includes a signature_algorithms_cert extension, trigger a NULL pointer dereference error and crash the server. MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium Insights: 3.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-cve-2021-3538-cve-2021-33502-cve-2021-3450-cve-2021-3449/
http://www.ibm.com/support/pages/node/6491127
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
