Main Vulnerability Database Vulnerabilities #VU1014

#VU1014 SQL injection in IBM Security Guardium - CVE-2016-0249

Published: October 17, 2016 / Updated: October 17, 2016

Vulnerability identifier: #VU1014

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-0249

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM Security Guardium

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote unauthenticated user to execute arbitrary SQL commands on the target system.
The weakness exists due to improper neutralization of special elements used in an SQL command and leads to arbitrary SQL commands execution.
Successful exploitatio of the vulnerability results in SQL injection attack on the vulnerable system.

Remediation

External links

http://www-01.ibm.com/support/docview.wss?uid=swg21990363