IBMB5D3CBC8303AFE13664597A8E9C5222B5FD7EA238E25D4C36FF86C202367E2A7Security Bulletin: IBM Security Guardium is affected by Python vulnerabilities
0.005 Low
EPSS
Percentile
75.5%
Summary
IBM Security Guardium has addressed the following vulnerabilities.
Vulnerability Details
CVEID:CVE-2019-9948
**DESCRIPTION:**Python could allow a remote attacker to bypass security restrictions, caused by improper input validation by the urllib. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass the blocklist file: URIs protection mechanisms.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158831 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2019-9947
**DESCRIPTION:**Python is vulnerable to HTTP header injection, caused by improper validation of input in urllib and urllib2. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158830 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Guardium | 11.0 |
| IBM Security Guardium | 11.1 |
Remediation/Fixes
Product
|
VRMF
|
Remediation / First Fix
—|—|—
IBM Security Guardium| 11.0| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…
IBM Security Guardium| 11.1| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security guardium | eq | 110.11. |
Related
0.005 Low
EPSS
Percentile
75.5%