IBM Security Guardium: Vulnerabilities allow code injection and privilege escalation

IBM's cloud security software Security Guardium contains several security vulnerabilities, some of them critical. Not only the core software is affected: third-party software packages bundled with it also have vulnerabilities. IT managers should install the available updates promptly.


In a security bulletin, IBM warns of the vulnerabilities in Security Guardium. The authors list a total of ten vulnerabilities, three of which affect IBM Security Guardium itself directly. With carefully crafted requests, authenticated attackers can remotely execute arbitrary commands on the system, IBM writes, without explaining what an attack might look like (CVE-2023-47709, CVSS 9.1, risk "critical"). Local users can elevate their privileges because of insufficient permission checks (CVE-2023-47712, CVSS 7.8, high). A denial-of-service vulnerability in Security Guardium can be triggered by file uploads (CVE-2023-47711, CVSS 2.7, low).

The bundled PostgreSQL database allows authenticated attackers on the network to execute arbitrary malicious code by triggering a buffer overflow with a manipulated request (CVE-2023-5869, CVSS 8.8, high). They can also exploit a denial-of-service vulnerability (CVE-2023-5870, CVSS 2.2, low). IBM's software package also contains VMware components that introduce further security holes. In addition, the bundled X.Org X server allows code injection (CVE-2023-5367, CVSS 7.8, high).

According to IBM, there are no workarounds or mitigations that close the vulnerabilities. Only updating to the fixed versions of IBM Security Guardium 11.3, 11.4, 11.5 and 12.0 corrects the problems; since the vulnerable PostgreSQL, VMware and X.Org components ship as part of IBM's package, they are fixed by that same update rather than patched separately. The patches bring the systems to the January patch level; the security bulletin dates from the weekend. IBM recommends that admins update their systems immediately.

At the end of November, IBM had already closed a high-risk vulnerability in Security Guardium. Attackers could have injected their own commands using manipulated CSV files.


(dmk)
