#VU70540 Information disclosure in IBM Security Guardium


Published: 2022-12-29

Vulnerability identifier: #VU70540

Vulnerability risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-39166

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM Security Guardium
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: IBM Corporation

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can obtain sensitive information inside of an HTTP response.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM Security Guardium: 11.4

External links
http://www.ibm.com/support/pages/node/6848317
http://exchange.xforce.ibmcloud.com/vulnerabilities/235405

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Security Guardium