Lucene search

[email protected]CVE-2016-0236

HistoryOct 21, 2016 - 5:59 p.m.

CVE-2016-0236

2016-10-2117:59:00

CWE-77

[email protected]

web.nvd.nist.gov

150

ibm

security

guardium

database activity monitor

remote execution

cve-2016-0236

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.

Affected configurations

NVD

Node

ibmsecurity_guardium_database_activity_monitorMatch8.2

ibmsecurity_guardium_database_activity_monitorMatch9.0

ibmsecurity_guardium_database_activity_monitorMatch9.1

ibmsecurity_guardium_database_activity_monitorMatch9.5

ibmsecurity_guardium_database_activity_monitorMatch10.0

ibmsecurity_guardium_database_activity_monitorMatch10.1

ibmsecurity_guardium_database_activity_monitorMatch10.01

CPENameOperatorVersion
ibm:security_guardium_database_activity_monitoribm security guardium database activity monitoreq8.2
ibm:security_guardium_database_activity_monitoribm security guardium database activity monitoreq9.0
ibm:security_guardium_database_activity_monitoribm security guardium database activity monitoreq9.1
ibm:security_guardium_database_activity_monitoribm security guardium database activity monitoreq9.5
ibm:security_guardium_database_activity_monitoribm security guardium database activity monitoreq10.0
ibm:security_guardium_database_activity_monitoribm security guardium database activity monitoreq10.1
ibm:security_guardium_database_activity_monitoribm security guardium database activity monitoreq10.01

CPE	Name	Operator	Version
ibm:security_guardium_database_activity_monitor	ibm security guardium database activity monitor	eq	8.2
ibm:security_guardium_database_activity_monitor	ibm security guardium database activity monitor	eq	9.0
ibm:security_guardium_database_activity_monitor	ibm security guardium database activity monitor	eq	9.1
ibm:security_guardium_database_activity_monitor	ibm security guardium database activity monitor	eq	9.5
ibm:security_guardium_database_activity_monitor	ibm security guardium database activity monitor	eq	10.0
ibm:security_guardium_database_activity_monitor	ibm security guardium database activity monitor	eq	10.1
ibm:security_guardium_database_activity_monitor	ibm security guardium database activity monitor	eq	10.01

References

www-01.ibm.com/support/docview.wss?uid=swg21990372

www.securityfocus.com/bid/93823

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2016-0236

cvelist1 ibm1 nvd1 prion1