Unspecified vulnerability in InfoSphere Guardium allows remote unauthenticated attackers to create unprivileged user accounts.
VULNERABILITY DETAILS:
CVE ID: CVE-2012-3338
DESCRIPTION:
There is a way for an attacker to log in to the InfoSphere Guardium user interface with the known username and password of an account they have created.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/78286> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
AFFECTED PLATFORMS:
IBM InfoSphere Guardium 8.2 and earlier
REMEDIATION:
Apply the patch for password disclosure.
As of August 24, 2012, the latest Guardium patches and GPU fixpacks for all versions are available through FixCentral.
Using version 8.2 with CSRF filtering enabled prevents this exploit. Versions 8.0 and 8.01 are not capable of CSRF filtering; as such, users are encouraged to update to 8.2.
See the version 8.2 release notes for information on enabling CSRF protection.
To confirm that CSRF filtering is enabled in version 8.2, run the following command in the CLI:
show gui csrf_status
If the result is "Disabled", then execute the following command to enable CSRF filtering:
store gui csrf_status on
WORKAROUND:
None known; apply fixes
REFERENCES:
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2012-3312
RELATED INFORMATION:
· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog