CVE-2017-1268IBM Security Guardium vulnerability

CWE-3104 documents4 sources
Severity
7.5HIGHNVD
CNA5.9
EPSS
0.2%
top 62.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium
Timeline
PublishedDec 13
Latest updateMay 13

Description

IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/security_guardium10.010.5
CVEListV5ibm/security_guardium10, 10.5+1

🔴Vulnerability Details

2
GHSA
GHSA-6v87-7975-j3hf: IBM Security Guardium 10 and 102022-05-13
CVEList
CVE-2017-1268: IBM Security Guardium 10 and 102018-12-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure2017-09-18
CVE-2017-1268 — IBM Security Guardium vulnerability | cvebase