CVE-2023-35893 — OS Command Injection in IBM Security Guardium

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA9.9

EPSS

0.2%

top 57.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Guardium

Timeline

PublishedAug 16

Latest updateAug 17

Description

IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/security_guardium10.6, 11.3, 11.4, 11.5

▶NVDibm/security_guardium4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-9qr7-p3xx-g5rx: IBM Security Guardium 10↗2023-08-17

▶

CVEList

IBM Security Guardium command execution↗2023-08-16

▶