IBM closes code injection flaw and more in Security Guardium
IBM has released updates for its Security Guardium data security software. They close several security holes, some of them rated critical.
Security gaps jeopardize network security.
(Image: created with AI in Bing Designer by heise online / dmk)
IBM's Security Guardium data security software has several vulnerabilities, some of them critical. Not only is the core product affected: third-party packages shipped with the software also carry known flaws. IT managers should apply the available updates without delay.
In a security bulletin, IBM warns of the vulnerabilities in Security Guardium. The authors of the announcement list a total of ten security flaws, three of which affect IBM Security Guardium itself. With specially crafted requests, authenticated remote attackers can execute arbitrary commands on the system, IBM writes, without explaining what such an attack would look like (CVE-2023-47709, CVSS 9.1, risk "critical"). Local users can elevate their privileges because of an inadequate authorization check (CVE-2023-47712, CVSS 7.8, high). A denial-of-service condition in Security Guardium can be triggered by uploading files (CVE-2023-47711, CVSS 2.7, low).
Several vulnerabilities in third-party components
The bundled PostgreSQL database allows authenticated attackers on the network to execute arbitrary code by triggering a buffer overflow with a crafted request (CVE-2023-5869, CVSS 8.8, high). They can also exploit a denial-of-service vulnerability (CVE-2023-5870, CVSS 2.2, low). IBM's package also contains VMware components with their own security holes. In addition, the X.Org X server allows code execution via an out-of-bounds write (CVE-2023-5367, CVSS 7.8, high).
According to IBM, there are no temporary workarounds for these vulnerabilities. Only updating to the fixed versions of IBM Security Guardium 11.3, 11.4, 11.5 and 12.0 resolves the problems. The fixes are delivered as the January patch level; the security bulletin was published at the weekend. IBM recommends that admins update their systems immediately.
IBM last patched a high-risk vulnerability in Security Guardium at the end of November. Back then, attackers could have injected their own commands via manipulated CSV files.
(dmk)