There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in July 2020.
CVEID: CVE-2020-4688
**DESCRIPTION:** IBM Security Guardium could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by a command injection vulnerability.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186700 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2020-4921
**DESCRIPTION:** IBM Security Guardium is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Security Guardium | 10.5 |
IBM Security Guardium | 10.6 |
IBM Security Guardium | 11.0 |
IBM Security Guardium | 11.1 |
IBM Security Guardium | 11.2 |
IBM Security Guardium | 11.3 |
None