IBM Security Guardium has addressed the following vulnerabilities.
CVEID: CVE-2019-11884
**DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c. By using a HIDPCONNADD command, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161261 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2019-11833
**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the failure to zero out the unused memory region in the extent tree block in extents.c. By reading uninitialized data in the filesystem, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161235 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Security Guardium | 11.0 |
IBM Security Guardium | 11.1 |

Product | VRMF | Remediation / First Fix |
---|---|---|
IBM Security Guardium | 11.0 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur… |
IBM Security Guardium | 11.1 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur… |

None

CPE

Name | Operator | Version |
---|---|---|
ibm security guardium | eq | 11.0 |
ibm security guardium | eq | 11.1 |