| Vulnerability Name: | CVE-2020-4689 (CCN-186696) | ||||||||||||
| Assigned: | 2019-12-30 | ||||||||||||
| Published: | 2020-10-09 | ||||||||||||
| Updated: | 2021-07-21 | ||||||||||||
| Summary: | IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696. | ||||||||||||
| CVSS v3 Severity: | 6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) 5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-74 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-4689 Source: XF Type: UNKNOWN ibm-guardium-cve20204689-code-exec(186696) Source: XF Type: VDB Entry ibm-guardium-cve20204689-code-exec (186696) Source: CCN Type: IBM Security Bulletin 6346884 (Security Guardium) IBM Security Guardium is affected by Cross-site scripting vulnerabilities Source: CONFIRM Type: Patch, Vendor Advisory https://www.ibm.com/support/pages/node/6346884 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||