Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD8535E734E3F548AB07B02CDF92FA67398F7AECF95E5C679590DDB4CBD927D88
HistorySep 28, 2018 - 4:30 a.m.

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerabilities

2018-09-2804:30:01
www.ibm.com
17

0.082 Low

EPSS

Percentile

94.4%

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2015-8100 DESCRIPTION: OpenBSD could allow a local attacker to obtain sensitive information, caused by the use of 0644 permissions for snmpd.conf by the net-snmp package. By reading the file, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107941&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-5621 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105232&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2014-3565 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the “-OQ” option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95638&gt; for the current score

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 10.5

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FInfoSphere+Guardium&amp;fixids=SqlGuard_10.0p512_Sep-24-2018&amp;source=SAR&amp;function=fixId&amp;parent=IBM Security

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq10.5

Related

ibm 18
openvas 21
ubuntu 1
cloudfoundry 1
nessus 36
securityvulns 7
debiancve 3
alpinelinux 1
veracode 4
zdt 1
ubuntucve 5
prion 3
osv 3
freebsd 2
f5 4
nvd 3
cbl_mariner 1
cvelist 3
packetstorm 1
cve 3
oraclelinux 3
amazon 1
gentoo 1
centos 3
fedora 3
redhat 3
mageia 1
ics 1
debian 2
archlinux 1
rosalinux 1
ibm
ibm
Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Web (CVE-2014-3565, CVE-2015-5621)
2018-06-16 21:38:59
Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Mobile (CVE-2014-3565, CVE-2015-5621)
2018-06-16 21:39:29
Security Bulletin: A vulnerability in Net-SNMP affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-5621)
2018-06-17 15:37:48
openvas
openvas
Ubuntu: Security Advisory (USN-2711-1)
2015-08-18 00:00:00
CentOS Update for net-snmp CESA-2015:1636 centos6
2015-08-18 00:00:00
RedHat Update for net-snmp RHSA-2015:1636-01
2015-08-18 00:00:00
ubuntu
ubuntu
Net-SNMP vulnerabilities
2015-08-17 00:00:00
cloudfoundry
cloudfoundry
USN-2711-1 Net-SNMP Vulnerabilities | Cloud Foundry
2015-10-07 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Net-SNMP vulnerabilities (USN-2711-1)
2015-08-18 00:00:00
openSUSE Security Update : net-snmp (openSUSE-2015-568)
2015-09-08 00:00:00
Scientific Linux Security Update : net-snmp on SL6.x, SL7.x i386/x86_64 (20150817)
2015-08-18 00:00:00
securityvulns
securityvulns
[USN-2711-1] Net-SNMP vulnerabilities
2015-08-24 00:00:00
Net-SNMP memory corruption
2015-08-24 00:00:00
[ MDVSA-2014:184 ] net-snmp
2014-09-29 00:00:00
debiancve
debiancve
CVE-2015-8100
2015-11-10 03:59:02
CVE-2015-5621
2015-08-19 15:59:09
CVE-2014-3565
2014-10-07 14:55:04
alpinelinux
alpinelinux
CVE-2015-8100
2015-11-10 03:59:02
veracode
veracode
Information Disclosure
2023-01-19 21:06:45
Denial Of Service (DoS)
2019-01-15 09:07:07
Denial Of Service (DoS)
2019-01-15 09:06:52
zdt
zdt
OpenBSD net-snmp Information Disclosure Vulnerability
2015-11-14 00:00:00
ubuntucve
ubuntucve
CVE-2015-8100
2015-11-10 00:00:00
CVE-2015-5621
2015-07-31 00:00:00
CVE-2014-3565
2014-10-07 00:00:00
prion
prion
Design/Logic Flaw
2015-11-10 03:59:00
Design/Logic Flaw
2015-08-19 15:59:00
Design/Logic Flaw
2014-10-07 14:55:00
osv
osv
CVE-2015-8100
2015-11-10 03:59:00
net-snmp - security update
2018-03-26 00:00:00
net-snmp - security update
2018-03-28 00:00:00
freebsd
freebsd
net-snmp -- snmp_pdu_parse() function incomplete initialization
2015-04-11 00:00:00
net-snmp -- snmptrapd crash
2014-07-31 00:00:00
f5
f5
SOL17378 - SNMP vulnerability CVE-2015-5621
2015-10-07 00:00:00
K17378 : SNMP vulnerability CVE-2015-5621
2015-10-08 00:00:00
K17315 : SNMP vulnerability CVE-2014-3565
2015-09-29 00:00:00
nvd
nvd
CVE-2015-5621
2015-08-19 15:59:09
CVE-2015-8100
2015-11-10 03:59:02
CVE-2014-3565
2014-10-07 14:55:04
cbl_mariner
cbl_mariner
CVE-2015-8100 affecting package net-snmp 5.8-4
2021-04-06 23:50:12
cvelist
cvelist
CVE-2015-8100
2015-11-10 02:00:00
CVE-2015-5621
2015-08-19 15:00:00
CVE-2014-3565
2014-10-07 14:00:00
packetstorm
packetstorm
OpenBSD net-snmp Information Disclosure
2015-11-13 00:00:00
cve
cve
CVE-2015-8100
2015-11-10 03:59:02
CVE-2015-5621
2015-08-19 15:59:09
CVE-2014-3565
2014-10-07 14:55:04
oraclelinux
oraclelinux
net-snmp security update
2015-08-17 00:00:00
net-snmp security and bug fix update
2015-11-23 00:00:00
net-snmp security and bug fix update
2015-07-28 00:00:00
amazon
amazon
Medium: net-snmp
2015-09-02 12:00:00
gentoo
gentoo
SNMP: Denial of service
2015-07-10 00:00:00
centos
centos
net security update
2015-07-26 14:12:35
net security update
2015-11-30 19:45:16
net security update
2015-08-17 16:22:33
fedora
fedora
[SECURITY] Fedora 19 Update: net-snmp-5.7.2-15.fc19
2014-09-10 13:27:10
[SECURITY] Fedora 20 Update: net-snmp-5.7.2-18.fc20
2014-09-09 22:10:31
[SECURITY] Fedora 21 Update: net-snmp-5.7.2-23.fc21
2014-09-23 05:00:09
redhat
redhat
(RHSA-2015:2345) Moderate: net-snmp security and bug fix update
2015-11-19 13:36:48
(RHSA-2015:1385) Moderate: net-snmp security and bug fix update
2015-07-22 00:00:00
(RHSA-2015:1636) Moderate: net-snmp security update
2015-08-17 00:00:00
mageia
mageia
Updated net-snmp packages fix CVE-2014-3565
2014-09-05 13:07:37
ics
ics
Siemens Industrial Products SNMP (Update F)
2022-04-14 12:00:00
debian
debian
[SECURITY] [DSA 4154-1] net-snmp security update
2018-03-28 09:21:30
[SECURITY] [DSA 4154-1] net-snmp security update
2018-03-28 09:21:30
archlinux
archlinux
[ASA-201810-11] net-snmp: multiple issues
2018-10-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1929
2021-07-02 17:32:57

0.082 Low

EPSS

Percentile

94.4%

JSON
Related for D8535E734E3F548AB07B02CDF92FA67398F7AECF95E5C679590DDB4CBD927D88
ibm18openvas21ubuntu1cloudfoundry1nessus36securityvulns7debiancve3alpinelinux1veracode4zdt1ubuntucve5prion3osv3freebsd2f54nvd3cbl_mariner1cvelist3packetstorm1cve3oraclelinux3amazon1gentoo1centos3fedora3redhat3mageia1ics1debian2archlinux1rosalinux1