CVE-2017-1267Improper Input Validation in IBM Security Guardium

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 26.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium
Timeline
PublishedJul 21
Latest updateMay 14

Description

IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/security_guardium4 versions+3
NVDibm/security_guardium7 versions+6

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-6xrf-rh98-whfc: IBM Security Guardium 102022-05-14
CVEList
CVE-2017-1267: IBM Security Guardium 102017-07-21

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure2017-09-18
CVE-2017-1267 — Improper Input Validation in IBM | cvebase