Arbitrary Command Execution Vulnerability in IBM Security Guardium
CVE-2023-47709

8.8HIGH

Key Information:

Vendor: IBM
Status: Security Guardium
Vendor: CVE Published:; 14 May 2024

What is CVE-2023-47709?

The vulnerability in IBM Security Guardium affects versions 11.3, 11.4, 11.5, and 12.0, enabling a remote authenticated attacker to execute arbitrary commands on the system. This occurs through specially crafted requests sent to the vulnerable product, which may result in unauthorized actions and potential compromise of sensitive data within the environment.

Affected Version(s)

Security Guardium 11.3, 11.4, 11.5, 12.0

References

https://www.ibm.com/support/pages/node/7150840

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/271524

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Nov 9, 2023