Multiple vulnerabilities in IBM Security Guardium
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2023-34054 CVE-2023-5870 CVE-2023-34062 CVE-2023-34059 CVE-2023-34058 CVE-2023-5367 CVE-2023-5869 CVE-2023-47709 CVE-2023-47712 CVE-2023-47711 |
| CWE-ID | CWE-20 CWE-264 CWE-22 CWE-284 CWE-285 CWE-787 CWE-190 CWE-77 CWE-434 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Security Guardium Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU83580
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34054
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU82943
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-5870
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to pg_cancel_backend rolse signals background workers, including the logical replication launcher, autovacuum workers and the autovacuum launcher. A remote privileged user can abuse this behavior and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU84037
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34062
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Successful exploitation of the vulnerability requires that Reactor Netty HTTP Server is configured to serve static resources.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU82560
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-34059
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the vmware-user-suid-wrapper. A local attacker can hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Authorization
EUVDB-ID: #VU82520
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34058
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error when handling SAML token signature. A remote attacker that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
Install update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU82380
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-5367
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in IChangeDeviceProperty/RRChangeOutputProperty. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU82942
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-5869
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in array modification. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Command Injection
EUVDB-ID: #VU89425
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47709
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote privileged user can execute arbitrary commands on the system by sending a specially crafted request.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89426
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47712
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A local user can bypass security restrictions and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Arbitrary file upload
EUVDB-ID: #VU89427
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47711
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to cause a denial of service.
The vulnerability exists due to insufficient validation of file during file upload. A remote privileged user can upload a malicious file to cause a denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.2 - 12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7150840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
