IBM Security Guardium has addressed the following vulnerabilities.
CVEID: CVE-2016-4950
**DESCRIPTION:** Cloudera Manager could allow a remote attacker to obtain sensitive information, caused by a flaw in the /api/v11/users/sessions module. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain user sessions.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123352 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-4949
**DESCRIPTION:** Cloudera Manager could allow a remote attacker to obtain sensitive information, caused by a flaw in the /cmf/process//logs module. By sending a specially-crafted request with "stderr.log" or "stdout.log" value in the filename parameter, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123353 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-4948
**DESCRIPTION:** Cloudera Manager is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using multiple fields to inject malicious script into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123354 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
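To review web access logs for requests to the two Cloudera Manager endpoints named under CVE-2016-4950 and CVE-2016-4949, the following added example can be used; it is not code from IBM or Cloudera. It assumes Combined Log Format access logs are available from a proxy in front of the service; the function names, the version-agnostic path match and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Paths named in the bulletin. Matching any API version and any process
# segment (not only v11) is an assumption made for this example.
SESSIONS_RE = re.compile(r"^/api/v\d+/users/sessions/?$")
PROC_LOGS_RE = re.compile(r"^/cmf/process/[^/]*/logs/?$")
LOG_NAMES = {"stderr.log", "stdout.log"}

def classify(target):
    """Return the CVE id a request target relates to, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)  # normalize percent-encoding before matching
    if SESSIONS_RE.match(path):
        return "CVE-2016-4950"
    if PROC_LOGS_RE.match(path):
        # parse_qs decodes the query string values for us
        names = parse_qs(parts.query).get("filename", [])
        if any(n in LOG_NAMES for n in names):
            return "CVE-2016-4949"
    return None

def hunt(lines):
    """Map (client_ip, cve) -> list of (status, target) for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        cve = classify(target)
        if cve:
            hits[(ip, cve)].append((int(status), target))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2017:10:00:00 +0000] "GET /api/v11/users/sessions HTTP/1.1" 200 512 "-" "curl"',
    '198.51.100.7 - - [01/Jan/2017:10:00:05 +0000] "GET /cmf/process/42/logs?filename=stderr.log HTTP/1.1" 200 9000 "-" "curl"',
    '203.0.113.9 - - [01/Jan/2017:10:01:00 +0000] "GET /cmf/process/42/logs?filename=%73tdout.log HTTP/1.1" 403 0 "-" "x"',
    '203.0.113.9 - admin [01/Jan/2017:10:02:00 +0000] "GET /cmf/home HTTP/1.1" 200 100 "-" "x"',
]

if __name__ == "__main__":
    for (ip, cve), reqs in sorted(hunt(SAMPLE).items()):
        print(ip, cve, reqs)
```

Matches include legitimate administrator traffic, so compare the client addresses and response codes against expected management hosts before treating a hit as suspicious.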
| Affected IBM Security Guardium | Affected Versions |
|---|---|
| IBM Security Guardium | 10.5 |

| Product | VRMF | Remediation / First Fix |
|---|---|---|
| IBM Security Guardium | 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/… |
None