VIR Vulnerability Intelligence Relay

CVE-2016-0236

high
Published 2016-10-21 · Modified 2026-05-06
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
9.0
VIR risk
8.8

Description

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21990372

Application impact
VendorProductVersionsFixed
ibmsecurity_guardium_database_activity_monitor8.2
ibmsecurity_guardium_database_activity_monitor9.0
ibmsecurity_guardium_database_activity_monitor9.1
ibmsecurity_guardium_database_activity_monitor9.5
ibmsecurity_guardium_database_activity_monitor10.0
ibmsecurity_guardium_database_activity_monitor10.1
ibmsecurity_guardium_database_activity_monitor10.01

References

CWEs

CWE-77

Verify integrity in audit chain (admin only). AS-IS.