Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9C01855DE792DB516073FE7D57766225D3D1F4F50386D124FC6880AE615E0F6A
HistoryNov 08, 2022 - 8:16 p.m.

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

2022-11-0820:16:31
www.ibm.com
28
ibm security guardium
multiple vulnerabilities
denial of service
fasterxml
google protocol buffer
openssl
junit4
update fix.

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.013 Low

EPSS

Percentile

86.2%

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID:CVE-2020-36518
**DESCRIPTION:**FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222319 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-22569
**DESCRIPTION:**Google Protocol Buffer (protobuf-java) is vulnerable to a denial of service, caused by an issue with allow interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open a specially-crafted content, a remote attacker could exploit this vulnerability to cause a timeout in ProtobufFuzzer function, and results in a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216851 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-28491
**DESCRIPTION:**FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of byte buffer flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a java.lang.OutOfMemoryError exception resulting in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197038 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-0778
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-15250
**DESCRIPTION:**JUnit4 could allow a local attacker to obtain sensitive information, caused by a flaw in test rule TemporaryFolder. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189677 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.0
IBM Security Guardium 11.1
IBM Security Guardium 11.2
IBM Security Guardium 11.3
IBM Security Guardium 11.4

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 11.0 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p51_Bundle_Sep-27-2022&includeSupersedes=0&source=fc
IBM Security Guardium 11.1 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard-11.0p165_Bundle_Sep_01_2022&includeSupersedes=0&source=fc
IBM Security Guardium 11.2 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p277_Bundle_Oct-26-2022&includeSupersedes=0&source=fc
IBM Security Guardium 11.3 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p372_Bundle_Sep-19-2022&includeSupersedes=0&source=fc
IBM Security Guardium 11.4 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p440_Bundle_Jun-03-2022&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardiumMatch11.0
OR
ibmsecurity_guardiumMatch11.1
OR
ibmsecurity_guardiumMatch11.2
OR
ibmsecurity_guardiumMatch11.3
OR
ibmsecurity_guardiumMatch11.4

Related

openvas 18
nessus 41
suse 1
ibm 33
osv 19
cvelist 4
prion 4
github 5
veracode 5
redhat 6
ubuntucve 5
redhatcve 4
nvd 4
cve 5
alpinelinux 2
ubuntu 1
debiancve 5
debian 2
rosalinux 1
cgr 2
wolfi 2
githubexploit 1
mageia 1
f5 1
atlassian 6
almalinux 3
oraclelinux 5
rocky 2
freebsd 1
hivepro 1
fedora 1
checkpoint_advisories 1
cbl_mariner 1
fortinet 1
cloudfoundry 1
amazon 1
slackware 1
altlinux 1
checkpoint_security 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1678-1)
2022-05-17 00:00:00
openSUSE: Security Advisory for jackson-databind, (SUSE-SU-2022:1678-1)
2022-05-17 00:00:00
Huawei EulerOS: Security Advisory for junit (EulerOS-SA-2021-1878)
2021-05-19 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (SUSE-SU-2022:1678-1)
2022-05-17 00:00:00
EulerOS 2.0 SP3 : junit (EulerOS-SA-2021-1807)
2021-04-30 00:00:00
Debian DLA-2426-1 : junit4 security update
2020-11-02 00:00:00
suse
suse
Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (important)
2022-05-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition
2023-02-24 06:34:20
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-dataformat
2021-05-14 01:37:34
Security Bulletin: Information disclosure in FasterXML Jackson Dataformats affect IBM Operations Analytics - Log Analysis (CVE-2020-28491)
2022-11-22 13:01:21
osv
osv
junit4 - security update
2020-11-01 00:00:00
junit4 vulnerability
2021-02-10 18:56:08
Denial of Service (DoS) in Jackson Dataformat CBOR
2021-12-09 19:17:21
cvelist
cvelist
CVE-2020-15250 Information disclosure in JUnit4
2020-10-12 17:55:13
CVE-2020-28491 Denial of Service (DoS)
2021-02-18 00:00:00
CVE-2021-22569 Denial of Service of protobuf-java parsing procedure
2022-01-07 00:00:00
prion
prion
Design/Logic Flaw
2021-02-18 16:15:00
Information disclosure
2020-10-12 18:15:00
Code injection
2022-01-10 14:10:00
github
github
Denial of Service (DoS) in Jackson Dataformat CBOR
2021-12-09 19:17:21
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
2022-07-21 22:35:12
A potential Denial of Service issue in protobuf-java
2022-01-07 22:31:44
veracode
veracode
Denial Of Service (DoS)
2021-02-19 01:15:41
Denial Of Service (DoS)
2022-06-01 09:52:03
Denial Of Service (DoS)
2022-01-10 05:41:50
redhat
redhat
(RHSA-2021:3125) Moderate: Red Hat build of Eclipse Vert.x 4.1.2 security update
2021-08-18 16:52:59
(RHSA-2022:5596) Moderate: Red Hat build of Quarkus 2.7.6 release and security update
2022-07-19 11:26:48
(RHSA-2024:3061) Moderate: pki-core:10.6 and pki-deps:10.6 security update
2024-05-22 06:35:29
ubuntucve
ubuntucve
CVE-2020-15250
2020-10-12 00:00:00
CVE-2021-22569
2022-01-10 00:00:00
CVE-2020-28491
2021-02-18 00:00:00
redhatcve
redhatcve
CVE-2020-28491
2021-06-18 10:50:29
CVE-2021-22569
2022-01-12 23:32:15
CVE-2020-15250
2020-10-13 20:15:34
nvd
nvd
CVE-2020-28491
2021-02-18 16:15:13
CVE-2020-15250
2020-10-12 18:15:13
CVE-2021-22569
2022-01-10 14:10:16
cve
cve
CVE-2020-28491
2021-02-18 16:15:13
CVE-2020-15250
2020-10-12 18:15:13
CVE-2021-22569
2022-01-10 14:10:16
alpinelinux
alpinelinux
CVE-2020-15250
2020-10-12 18:15:13
CVE-2022-0778
2022-03-15 17:15:08
ubuntu
ubuntu
JUnit 4 vulnerability
2021-02-10 00:00:00
debiancve
debiancve
CVE-2020-15250
2020-10-12 18:15:13
CVE-2021-22569
2022-01-10 14:10:16
CVE-2020-28491
2021-02-18 16:15:13
debian
debian
[SECURITY] [DLA 2426-1] junit4 security update
2020-11-01 17:12:20
[SECURITY] [DLA 2990-1] jackson-databind security update
2022-05-02 18:33:27
rosalinux
rosalinux
Advisory ROSA-SA-2021-1857
2021-07-02 17:07:48
cgr
cgr
CVE-2021-22569 vulnerabilities
2024-05-19 03:07:16
CVE-2020-36518 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2021-22569 vulnerabilities
2024-06-29 09:08:33
CVE-2020-36518 vulnerabilities
2024-05-29 03:07:31
githubexploit
githubexploit
Exploit for Vulnerability in Google Protobuf-Kotlin
2022-01-13 03:33:54
mageia
mageia
Updated junit packages fix a security vulnerability
2020-11-08 17:14:27
f5
f5
K000133686 : protobuf-java vulnerability CVE-2021-22569
2023-04-27 00:00:00
atlassian
atlassian
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:41
Bump jackson-databind dependency to 2.13.4.2
2023-01-12 09:57:47
jackson-databind Vulnerability in Bamboo Data Center and Server
2023-10-06 17:44:47
almalinux
almalinux
Moderate: jackson security update
2023-05-09 00:00:00
Moderate: pki-core:10.6 and pki-deps:10.6 security update
2024-05-22 00:00:00
Important: openssl security update
2022-03-28 07:46:07
oraclelinux
oraclelinux
jackson security update
2023-05-15 00:00:00
pki-core:10.6 and pki-deps:10.6 security update
2024-05-24 00:00:00
openssl security update
2022-03-18 00:00:00
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security update
2024-06-14 13:59:30
compat-openssl11 security and bug fix update
2022-06-02 21:13:31
freebsd
freebsd
kafka -- Denial Of Service vulnerability
2022-03-11 00:00:00
hivepro
hivepro
OpenSSL exposed to Denial-of-service vulnerability causing Infinite Loop
2022-03-17 14:17:00
fedora
fedora
[SECURITY] Fedora 35 Update: openssl-1.1.1n-1.fc35
2022-03-22 03:44:53
checkpoint_advisories
checkpoint_advisories
OpenSSL Denial of Service (CVE-2022-0778)
2022-03-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-0778 affecting package openssl for versions less than 1.1.1k-12
2022-04-09 06:51:56
fortinet
fortinet
Protect
2022-04-01 00:00:00
cloudfoundry
cloudfoundry
USN-5328-1: OpenSSL vulnerability | Cloud Foundry
2022-05-23 00:00:00
amazon
amazon
Important: openssl, openssl11
2022-03-15 18:49:00
slackware
slackware
[slackware-security] openssl
2022-03-17 19:59:07
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 14.19.1-alt1
2022-04-29 00:00:00
checkpoint_security
checkpoint_security
Check Point response to CVE-2022-0778
2022-07-03 22:15:24

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.013 Low

EPSS

Percentile

86.2%

JSON
Related for 9C01855DE792DB516073FE7D57766225D3D1F4F50386D124FC6880AE615E0F6A
openvas18nessus41suse1ibm33osv19cvelist4prion4github5veracode5redhat6ubuntucve5redhatcve4nvd4cve5alpinelinux2ubuntu1debiancve5debian2rosalinux1cgr2wolfi2githubexploit1mageia1f51atlassian6almalinux3oraclelinux5rocky2freebsd1hivepro1fedora1checkpoint_advisories1cbl_mariner1fortinet1cloudfoundry1amazon1slackware1altlinux1checkpoint_security1