Arbitrary Command Execution Vulnerability in IBM Security Guardium
CVE-2023-47709

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Security Guardium
Vendor: CVE Published:; 14 May 2024

Summary

The vulnerability in IBM Security Guardium affects versions 11.3, 11.4, 11.5, and 12.0, enabling a remote authenticated attacker to execute arbitrary commands on the system. This occurs through specially crafted requests sent to the vulnerable product, which may result in unauthorized actions and potential compromise of sensitive data within the environment.

Affected Version(s)

Security Guardium 11.3, 11.4, 11.5, 12.0

References

https://www.ibm.com/support/pages/node/7150840

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/271524

vdb-entry

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Nov 9, 2023