Multiple vulnerabilities in IBM Security Guardium
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-5637 CVE-2019-0201 CVE-2018-8012 CVE-2023-44981 |
| CWE-ID | CWE-284 CWE-287 CWE-639 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Security Guardium Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU6876
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5637
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper access constrictions to wchp/wchc service. A local user can consume all available CPU resource and perform denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.4 - 11.5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.5:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7172584
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU18668
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0201
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions when "getACL()" command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. A remote attacker can gain READ permissions to list ACL.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.4 - 11.5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.5:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7172584
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper authentication
EUVDB-ID: #VU12913
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-8012
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication and write arbitrary files on the target system.
The weakness exists due to missing authentication to join a quorum. A remote attacker can bypass authentication, join the cluster and propagate changes to the cluster leader.
Install update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.4 - 11.5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.5:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7172584
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Authorization bypass through user-controlled key
EUVDB-ID: #VU83312
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-44981
CWE-ID:
CWE-639 - Authorization Bypass Through User-Controlled Key
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization process.
The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part in SASL authentication ID, which is listed in zoo.cfg server
list, is optional and if it's missing,
the authorization check will be skipped. As a
result an arbitrary endpoint could join the cluster and begin
propagating counterfeit changes to the leader, essentially giving it
complete read-write access to the data tree.
Install update from vendor's website.
Vulnerable software versionsIBM Security Guardium: 11.4 - 11.5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_security_guardium:11.5:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7172584
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
