SB2023031412 - Multiple vulnerabilities in IBM Security Guardium

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023031412

SB2023031412 - Multiple vulnerabilities in IBM Security Guardium

Published: March 14, 2023

Security Bulletin ID SB2023031412
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 57% Low 43%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Type Confusion (CVE-ID: CVE-2022-3676)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a type confusion error. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and access or modify memory.


2) Incorrect default permissions (CVE-ID: CVE-2022-41946)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to application stores files with sensitive information in system's temporary directory. A local user can read the files and gain access to sensitive information.


3) Input validation error (CVE-ID: CVE-2020-13956)

The vulnerability allows a remote attacker to compromise the affected application.

The vulnerability exists due to insufficient validation of user-supplied input in Apache HttpClient. A remote attacker can pass request URIs to the library as java.net.URI object and force the application to pick the wrong target host for request execution.


4) Improper input validation (CVE-ID: CVE-2022-21628)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Lightweight HTTP Server component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.


5) Improper input validation (CVE-ID: CVE-2022-21626)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.


6) Improper input validation (CVE-ID: CVE-2022-21624)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JNDI component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


7) Improper input validation (CVE-ID: CVE-2022-21619)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


Remediation

Install update from vendor's website.

References