IBM Security Guardium Flaw Lets Attackers Execute Arbitrary Commands
A command injection vulnerability was recently discovered in IBM Security Guardium that allows threat actors to execute arbitrary commands on the affected system remotely.
This vulnerability is due to improper neutralization of special elements used in an OS command (CWE-78).
IBM Security Guardium is a data protection platform that security teams can use to automatically analyze data environments regarded as sensitive.
This includes cloud environments, big data platforms, data warehouses, databases, file systems, and many others. IBM has released security patches to fix this vulnerability.
CVE-2023-35893: Command injection in CLI vulnerability
This vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on the affected system by sending specially crafted inputs. The CVSS score for this vulnerability is given as 9.9 (Critical).
Affected Products and Fixed in Version
Product | Versions | Fix |
IBM Security Guardium | 10.6 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p1023_Security-Fix&includeSupersedes=0&source=fc |
IBM Security Guardium | 11.3 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p387_Security-Fix&includeSupersedes=0&source=fc |
IBM Security Guardium | 11.4 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p476_Security-Fix&includeSupersedes=0&source=fc |
IBM Security Guardium | 11.5 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p528_Security-Fix&includeSupersedes=0&source=fc |
This vulnerability was found and reported to IBM by security researcher Michał Bogdanowicz from NORDEA BANK ABP.
To fix this vulnerability, IBM has released steps to follow for each version of IBM Security Guardium, along with instructions on how to apply the patches. Users are advised to follow the steps described in the official documentation and fix this vulnerability.
Source credit : cybersecuritynews.com