CVE-2021-29773Authorization Bypass Through User-Controlled Key in IBM Security Guardium

CWE-639Authorization Bypass Through User-Controlled KeyCWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 75.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium
Timeline
PublishedSep 15
Latest updateMay 24

Description

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5ibm/security_guardium10.6, 11.3+1
NVDibm/security_guardium10.6, 11.3+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-qw5p-3fq9-8ggv: IBM Security Guardium 102022-05-24
CVEList
CVE-2021-29773: IBM Security Guardium 102021-09-15