CVE-2017-1253OS Command Injection in IBM Security Guardium

CWE-78OS Command Injection3 documents3 sources
Severity
9.9CRITICALNVD
EPSS
1.4%
top 19.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium
Timeline
PublishedJul 5
Latest updateMay 17

Description

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5ibm/security_guardium4 versions+3
NVDibm/security_guardium4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-p42h-q4jc-j247: IBM Security Guardium 102022-05-17
CVEList
CVE-2017-1253: IBM Security Guardium 102017-07-05
CVE-2017-1253 — OS Command Injection in IBM | cvebase