IBM Security Guardium has addressed the following vulnerabilities.
CVEID: CVE-2017-8039 DESCRIPTION: Pivotal Spring Web Flow could provide weaker than expected security, caused by an error related to applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135398> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2017-4971 DESCRIPTION: Pivotal Spring Web Flow could provide weaker than expected, caused by an error related to applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127748> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2016-9878 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize paths provided to ResourceServlet. An attacker could send a specially-crafted URL request containing directory traversal sequences to view arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120241> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected IBM Security Guardium
|
Affected Versions
—|—
IBM Security Guardium | 10.5
Product
|
VRMF
|
Remediation / First Fix
—|—|—
IBM Security Guardium | 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FInfoSphere+Guardium&fixids=SqlGuard_10.0p512_Sep-24-2018&source=SAR&function=fixId&parent=IBM Security
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium | eq | 10.5 |