SB2022072216 - Multiple vulnerabilities in IBM Security Guardium Insights

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2019-12399)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output within the Apache Kafka Connect REST API tasks endpoint. A remote authenticated user can issue a request to the same Connect cluster to obtain the connector's task configurations and the response will contain the plaintext secret.

2) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-4175)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights fails to properly enable HTTP Strict Transport Security. A remote unauthenticated attacker can exploit this vulnerability to obtain sensitive information using man in the middle techniques.

3) Improper Authentication (CVE-ID: CVE-2020-4167)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.

4) Improper Privilege Management (CVE-ID: CVE-2020-4603)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to IBM Security Guardium Insights performs an operation at a privilege level that is higher than the minimum level required. A remote user can trigger the vulnerability to escalate privileges on the system.

5) Information disclosure (CVE-ID: CVE-2020-4171)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.

6) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-4169)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights uses weaker than expected cryptographic algorithms. A remote unauthenticated attacker can use this vulnerability to decrypt highly sensitive information.

7) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-4174)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights uses weaker than expected cryptographic algorithms. A remote unauthenticated attacker can use this vulnerability to decrypt highly sensitive information.

8) Improper control of a resource through its lifetime (CVE-ID: CVE-2020-4172)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to IBM Security Guardium Insights stores sensitive information in URL parameters. A remote unauthenticated attacker with access to the URLs via server logs, referrer header or browser history can use this vulnerability to decrypt highly sensitive information.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-8/"
• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-8/</a><br><a
• https://www.ibm.com/support/pages/node/6323297"
• https://www.ibm.com/support/pages/node/6323297</a><br></p><p><br></p>