Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM769619371BED1B3C1A3EF1D95A674B75C8F315F915BF376F15A6B2FB2A15A9B3
HistorySep 19, 2023 - 7:25 p.m.

Security Bulletin: IBM Security Guardium is affected by an SQL Injection vulnerability (CVE-2023-33852)

2023-09-1919:25:36
www.ibm.com
20
ibm security guardium
sql injection
vulnerability
update
11.4
11.5

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

0.0005 Low

EPSS

Percentile

17.9%

JSON

Summary

IBM Security Guardium has addressed this vulnerability.

Vulnerability Details

CVEID:CVE-2023-33852
**DESCRIPTION:**IBM Security Guardium is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257614 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.4
IBM Security Guardium 11.5

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 11.4 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p475_Bundle_Jul-20-2023&includeSupersedes=0&source=fc
IBM Security Guardium 11.5 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p530_Bundle_Aug-29-2023&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardiumMatch11.4
OR
ibmsecurity_guardiumMatch11.5

Related

cve 1
cnvd 1
cvelist 1
nvd 1
prion 1
cve
cve
CVE-2023-33852
2023-08-27 23:15:34
cnvd
cnvd
IBM Security Guardium SQL Injection Vulnerability (CNVD-2023-66731)
2023-08-29 00:00:00
cvelist
cvelist
CVE-2023-33852 IBM Security Guardium SQL injection
2023-08-27 22:46:35
nvd
nvd
CVE-2023-33852
2023-08-27 23:15:34
prion
prion
Sql injection
2023-08-27 23:15:00

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

0.0005 Low

EPSS

Percentile

17.9%

JSON
Related for 769619371BED1B3C1A3EF1D95A674B75C8F315F915BF376F15A6B2FB2A15A9B3
cve1cnvd1cvelist1nvd1prion1