Server-Side Request Forgery Vulnerability in IBM Security Guardium
CVE-2024-49336

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Security Guardium
Vendor
CVE Published:
19 December 2024

Summary

The vulnerability in IBM Security Guardium 11.5 is categorized as a server-side request forgery (SSRF), allowing an authenticated attacker to manipulate requests sent from the system to external services. This vulnerability can lead to unauthorized access, network enumeration, and potentially enable the attacker to engineer other types of attacks leveraging the compromised request context. Organizations utilizing this version should be aware of the potential implications on their network security and take immediate action to mitigate the associated risks.

References

https://www.ibm.com/support/pages/node/7179369

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.