IBM Security Guardium Flaw Lets Attackers Execute Arbitrary Commands

by Esmeralda McKenzie

A command injection vulnerability was recently discovered in IBM Security Guardium that allows threat actors to execute arbitrary commands on the affected system remotely.

This vulnerability is due to improper neutralization of special elements used in an OS command (CWE-78).


IBM Security Guardium is a data protection platform that security teams can use to automatically analyze data environments regarded as sensitive.

This includes cloud environments, big data platforms, data warehouses, databases, file systems, and many others. IBM has released security patches to fix this vulnerability.

CVE-2023-35893: Command injection in CLI vulnerability

This vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on the affected system by sending specially crafted inputs. The CVSS score for this vulnerability is given as 9.9 (Critical).
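The article gives no detail of the vulnerable Guardium code path, so the following added example (not IBM's code and not from the original article) illustrates the CWE-78 weakness class in general: a hypothetical CLI diagnostic, with `echo` standing in for the system utility, in its vulnerable form beside a hardened one. The function names, the hostname pattern and the sample inputs are assumptions constructed for illustration.

```python
import re
import subprocess

# Assumed allowlist: DNS-style names only. The first character must be
# alphanumeric, which also blocks option injection such as "-f".
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Constructed sample inputs (not taken from any advisory).
BENIGN = "db01.example.internal"
CRAFTED = "db01; echo INJECTED"


def diag_vulnerable(host: str) -> str:
    """CWE-78: operator input is concatenated into a shell command line."""
    cmd = "echo checking " + host  # shell metacharacters reach /bin/sh
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout


def diag_hardened(host: str) -> str:
    """Validate against the allowlist, then pass an argv list (no shell)."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    # With an argv list the value is one argument and is never re-parsed.
    done = subprocess.run(["echo", "checking", host],
                          capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    # The shell treats ';' as a separator, so a second command runs.
    print("vulnerable:", diag_vulnerable(CRAFTED).splitlines())
    print("hardened  :", diag_hardened(BENIGN).strip())
    try:
        diag_hardened(CRAFTED)
    except ValueError as exc:
        print("hardened  :", exc)
```
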

Affected Products and Fixed in Version

| Product | Version | Fix |
|---|---|---|
| IBM Security Guardium | 10.6 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p1023_Security-Fix&includeSupersedes=0&source=fc |
| IBM Security Guardium | 11.3 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p387_Security-Fix&includeSupersedes=0&source=fc |
| IBM Security Guardium | 11.4 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p476_Security-Fix&includeSupersedes=0&source=fc |
| IBM Security Guardium | 11.5 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p528_Security-Fix&includeSupersedes=0&source=fc |

This vulnerability was discovered and reported to IBM by security researcher Michał Bogdanowicz from NORDEA BANK ABP.

To fix this vulnerability, IBM has released steps to follow for each version of IBM Security Guardium, along with instructions on how to apply the patches. Users are advised to follow the steps described in the official documentation and fix this vulnerability.

Source credit : cybersecuritynews.com
