
CVE-2020-4688: IBM Guardium - Command Injection
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by a command injection vulnerability.
1.2 CVSS Score
The CVSS base score of this vulnerability is 7.8 (High) according to NVD. Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.3 Affected Version
IBM Security Guardium 10.6 and 11.2
1.4 Vulnerability Attribution
This vulnerability was reported by IBM Corporation.
1.5 Risk Impact
IBM Security Guardium is used to prevent sensitive data loss via database manipulation. A vulnerability in a product like Guardium opens the door to the most sensitive data of the top 100 enterprises.
A public exploit is not available.
1.6 Virsec Security Platform (VSP) Support:
The VSP-Web capability can detect all types of command injection attacks and prevent this vulnerability from being exploited.
1.7 Reference Links:
- NVD - CVE-2020-4688 (nist.gov)
- IBM Security Guardium command execution CVE-2020-4688 Vulnerability Report (ibmcloud.com)