Main Vulnerability Database Vulnerabilities #VU1014

SQL injection in IBM Security Guardium - CVE-2016-0249

Published: October 17, 2016 / Updated: October 17, 2016

Vulnerability identifier: #VU1014

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-0249

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Security Guardium

Detailed vulnerability description

The vulnerability allows a remote unauthenticated user to execute arbitrary SQL commands on the target system.
The weakness exists due to improper neutralization of special elements used in an SQL command and leads to arbitrary SQL commands execution.
Successful exploitatio of the vulnerability results in SQL injection attack on the vulnerable system.

How to mitigate CVE-2016-0249

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg21990363

SQL injection in IBM Security Guardium - CVE-2016-0249

Detailed vulnerability description

How to mitigate CVE-2016-0249

Sources

Please verify you're human