Arbitrary Command Execution in IBM Security Guardium Database Activity Monitor
CVE-2016-0236
8.8HIGH
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 21 October 2016
Summary
The IBM Security Guardium Database Activity Monitor versions prior to specified patches allow authenticated remote users to execute arbitrary commands with root privileges through the search field. This flaw may lead to unauthorized access and manipulation of sensitive database information, making timely updates and security measures essential for users of the affected versions.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved