Connect with us

Business

IBM Security Guardium Flaw Let Attacker to Execute Arbitrary Commands

Published

on

Command Injection vulnerability was recently discovered on IBM Security Guardium which allows threat actors to execute arbitrary commands on the affected system remotely.

This vulnerability was due to improper neutralization of special elements used in OS command (CWE-78).

IBM Security Guardium is a data protection platform that can be used by security teams to automatically analyze data environments considered sensitive.

This includes cloud environments, big data platforms, data warehouses, databases, file systems, etc. IBM has released security patches to fix this vulnerability.

CVE-2023-35893: Command injection in CLI vulnerability

This vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands in the affected system by sending specially crafted inputs. The CVSS score for this vulnerability is given as 9.9 (Critical).

Affected Products and Fixed in version

ProductVersionsFix
IBM Security Guardium10.6https://www.ibm.com/support/fixcentral/swg/quickorderparent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p1023_Security-Fix&includeSupersedes=0&source=fc
IBM Security Guardium11.3https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p387_Security-Fix&includeSupersedes=0&source=fc
IBM Security Guardium11.4https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p476_Security-Fix&includeSupersedes=0&source=fc
IBM Security Guardium11.5https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p528_Security-Fix&includeSupersedes=0&source=fc 

This vulnerability was discovered and reported to IBM by a security researcher Michał Bogdanowicz from NORDEA BANK ABP.

In order to fix this vulnerability, IBM has released steps to follow for each version of IBM Security Guardium on how to apply the patches. Users are recommended to follow the steps mentioned in the official documentation and fix this vulnerability.

Source: https://cybersecuritynews.com/ibm-security-guardium-flaw/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO