What is the Command Injection vulnerability in IBM Security Guardium?

A critical Command Injection vulnerability in IBM Security Guardium allows remote execution of arbitrary commands on impacted systems, posing a significant security risk.

How does IBM Security Guardium function?

IBM Security Guardium functions as a data protection platform designed to automatically analyze sensitive data environments, including cloud setups, big data platforms, databases, data warehouses, and file systems, among others.

What is the CVE ID and severity of this vulnerability?

The vulnerability is tracked as CVE-2023-35893, classified with a CVSS3 score of 9.9 (Critical). It is categorized as a 'Command injection in CLI' vulnerability, allowing unauthorized attackers to execute unrestricted commands by exploiting improperly handled special elements in OS commands.

What actions has IBM taken to address the vulnerability?

IBM has responded promptly by releasing security patches to mitigate the vulnerability. Additionally, IBM has provided step-by-step instructions for each version of IBM Security Guardium, outlining how users can apply the necessary patches.

Which versions of IBM Security Guardium are affected by this vulnerability?

The affected versions include IBM Security Guardium 10.6, 11.3, 11.4, and 11.5.

Where can I find the security patches for the affected versions?

You can find the security patches for the affected versions of IBM Security Guardium on the IBM support website using the provided links: - IBM Security Guardium 10.6: [Link] - IBM Security Guardium 11.3: [Link] - IBM Security Guardium 11.4: [Link] - IBM Security Guardium 11.5: [Link]

Advisory

IBM Security Guardium critical vulnerability allows execution arbitrary commands

published: Aug. 17, 2023

Take action: An urgent patch to your IBM Guardium. Just imagine your security monitoring tool being hacked. And the investigations and questions that will need to be answered. One of those questions shouldn't be "why didn't you patch the Guardium".

Learn More

A critical Command Injection vulnerability is reported in IBM Security Guardium, allowing malicious actors to execute arbitrary commands remotely on the impacted system.

IBM Security Guardium serves as a data protection platform utilized by security teams to automatically analyze sensitive data environments, encompassing cloud setups, big data platforms, databases, data warehouses, file systems, and more.

This vulnerability, is tracked as CVE-2023-35893 (CVSS3 score of 9.9) - a Command injection in CLI" vulnerability, which allows an unauthenticated attacker to launch unrestricted commands on the compromised system by transmitting specifically crafted inputs The vulnerability stems from the improper handling of special elements used in operating system commands, as categorized.

To address this vulnerability, IBM has promptly issued security patches, and has outlined a set of instructions for each version of IBM Security Guardium.

Affected Products and Fixed in version

Product	Affected Version	Fix
IBM Security Guardium	10.6	https://www.ibm.com/support/fixcentral/swg/quickorderparent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p1023_Security-Fix&includeSupersedes=0&source=fc
IBM Security Guardium	11.3	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p387_Security-Fix&includeSupersedes=0&source=fc
IBM Security Guardium	11.4	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p476_Security-Fix&includeSupersedes=0&source=fc
IBM Security Guardium	11.5	https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p528_Security-Fix&includeSupersedes=0&source=fc

IBM Security Guardium critical vulnerability allows execution arbitrary commands

Read More
JetBrains reports critical auth bypass flaw in TeamCity …
Trend Micro warns of critical vulnerability in Cloud …
ZITADEL Admin API flaw enables IDOR exploit
SonicWall SMA100 vulnerability enables remote code execution
Critical RDSEED flaw in AMD Zen 5 processors …