Man-in-the-middle attack in IBM Security Guardium - CVE-2017-1267
Published: August 1, 2017
Vulnerability identifier: #VU7646
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1267
CWE-ID: CWE-300
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Security Guardium
Detailed vulnerability description
The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.
The weakness exists due to an error in authenticating and validating the integrity of patches, image backups, and other updates. A remote attacker can conduct a man-in-the-middle attack and modify data on the system or execute arbitrary code.
How to mitigate CVE-2017-1267
Update to version 10.1.3.
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm...