Multiple vulnerabilities in IBM Security Guardium Insights



Risk Medium
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2019-12399
CVE-2020-4175
CVE-2020-4167
CVE-2020-4603
CVE-2020-4171
CVE-2020-4169
CVE-2020-4174
CVE-2020-4172
CWE-ID CWE-200
CWE-300
CWE-287
CWE-269
CWE-327
CWE-664
Exploitation vector Network
Public exploit N/A
Vulnerable software
IBM Security Guardium Insights
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU24240

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-12399

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output within the Apache Kafka Connect REST API tasks endpoint. A remote authenticated user can issue a request to the same Connect cluster to obtain the connector's task configurations and the response will contain the plaintext secret.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium Insights: 2.0 - 2.0.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6323297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU65702

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4175

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights fails to properly enable HTTP Strict Transport Security. A remote unauthenticated attacker can exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium Insights: 2.0 - 2.0.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6323297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Authentication

EUVDB-ID: #VU65712

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4167

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium Insights: 2.0 - 2.0.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6323297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Privilege Management

EUVDB-ID: #VU65713

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4603

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to IBM Security Guardium Insights performs an operation at a privilege level that is higher than the minimum level required. A remote user can trigger the vulnerability to escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium Insights: 2.0 - 2.0.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6323297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU65715

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4171

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium Insights: 2.0 - 2.0.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6323297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU65726

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4169

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights uses weaker than expected cryptographic algorithms. A remote unauthenticated attacker can use this vulnerability to decrypt highly sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium Insights: 2.0 - 2.0.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6323297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU65724

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4174

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights uses weaker than expected cryptographic algorithms. A remote unauthenticated attacker can use this vulnerability to decrypt highly sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium Insights: 2.0 - 2.0.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6323297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper control of a resource through its lifetime

EUVDB-ID: #VU65728

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4172

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights stores sensitive information in URL parameters. A remote unauthenticated attacker with access to the URLs via server logs, referrer header or browser history can use this vulnerability to decrypt highly sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium Insights: 2.0 - 2.0.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6323297


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###