CVE-2016-0236

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

3.0%

top 13.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Guardium Database Activity Monitor

Timeline

PublishedOct 21

Latest updateMay 17

Description

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDibm/security_guardium_database_activity_monitor7 versions+6

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-48m9-9cxq-75r8: IBM Security Guardium Database Activity Monitor 8↗2022-05-17

▶

CVEList

CVE-2016-0236: IBM Security Guardium Database Activity Monitor 8↗2016-10-21

▶