CVE-2017-1253
critical
CVSS v3
9.9
CVSS v2
6.5
VIR risk
9.9
Description
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.
Predictions
Exploit likelihood
98%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/124633
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22004426
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | security_guardium | 10.0 | |
| ibm | security_guardium | 10.0.1 | |
| ibm | security_guardium | 10.1 | |
| ibm | security_guardium | 10.1.2 | |
References
- http://www.ibm.com/support/docview.wss?uid=swg22004426
- http://www.securityfocus.com/bid/99372
- https://exchange.xforce.ibmcloud.com/vulnerabilities/124633
- http://www.ibm.com/support/docview.wss?uid=swg22004426
- http://www.securityfocus.com/bid/99372
- https://exchange.xforce.ibmcloud.com/vulnerabilities/124633
CWEs
CWE-78
Verify integrity in audit chain (admin only). AS-IS.