IBM Security Guardium has addressed the following vulnerabilities.
CVEID: CVE-2016-5007 DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanisms. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126679 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2015-5211 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to download arbitrary files, caused by a reflected file download attack. By using a specially crafted URL with a batch script extension, an attacker could exploit this vulnerability to download a malicious response.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130673 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Affected IBM Security Guardium
|
Affected Versions
—|—
IBM Security Guardium | 10.5 - 10.6
Product
|
VRMF
|
Remediation / First Fix
—|—|—
IBM Security Guardium | 10.5 - 10.6 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p610_Combined-Fix-Pack-for-GPU-600_2019-02-27&includeSupersedes=0&source=fc
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium | eq | 10.5 | |
ibm security guardium | eq | 10.6 |