VIR Vulnerability Intelligence Relay

CVE-2016-0241

high
Published 2016-10-22 · Modified 2026-05-06
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
8.8

Description

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21990219

Application impact
VendorProductVersionsFixed
ibmsecurity_guardium_database_activity_monitor8.2
ibmsecurity_guardium_database_activity_monitor9.0
ibmsecurity_guardium_database_activity_monitor9.1
ibmsecurity_guardium_database_activity_monitor9.5
ibmsecurity_guardium_database_activity_monitor10.0
ibmsecurity_guardium_database_activity_monitor10.1
ibmsecurity_guardium_database_activity_monitor10.01

References

CWEs

CWE-284

Verify integrity in audit chain (admin only). AS-IS.