IBM Security Guardium has fixed this vulnerability
CVEID:CVE-2020-4689
**DESCRIPTION:**IBM Security Guardium is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186696 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-4679
**DESCRIPTION:**IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186424 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2020-4678
**DESCRIPTION:**IBM Security Guardium could allow an attacker with admin access to obtain and read files that they normally would not have access to.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186423 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2020-4680
**DESCRIPTION:**IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186426 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2020-4681
**DESCRIPTION:**IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186427 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Security Guardium | 11.0 |
IBM Security Guardium| 11.1
IBM Security Guardium| 11.2
Product | Versions | Fix |
---|---|---|
IBM Security Guardium | 11.0 | |
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur… | ||
IBM Security Guardium | 11.1 | |
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur… | ||
IBM Security Guardium | 11.2 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur… |
None