CNVD-2017-37593
Vulnerability from cnvd - Published: 2017-12-20
VLAI
Title
IBM Security Guardium安全绕过漏洞(CNVD-2017-37593)
Description
IBM Security Guardium是美国IBM公司的一套提供数据保护功能的平台。该平台包括自定义UI、报告管理和流线化的审计流程构建等功能。
IBM Security Guardium 9.0版本、9.1版本和9.5版本中存在安全绕过漏洞,该漏洞源于程序未能使用最强的加密算法来作为保护机制。远程攻击者利用该漏洞绕过安全限制,执行未授权的操作。
Severity
中
Patch Name
IBM Security Guardium安全绕过漏洞(CNVD-2017-37593)的补丁
Patch Description
IBM Security Guardium是美国IBM公司的一套提供数据保护功能的平台。该平台包括自定义UI、报告管理和流线化的审计流程构建等功能。
IBM Security Guardium 9.0版本、9.1版本和9.5版本中存在安全绕过漏洞,该漏洞源于程序未能使用最强的加密算法来作为保护机制。远程攻击者利用该漏洞绕过安全限制,执行未授权的操作。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: http://www-01.ibm.com/support/docview.wss?uid=swg22010435
Reference
http://www.securityfocus.com/bid/102034
Impacted products
| Name | ['IBM Security Guardium 9.0', 'IBM Security Guardium 9.1', 'IBM Security Guardium 9.5', 'IBM Security Guardium 10.0', 'IBM Security Guardium 10.0.1', 'IBM Security Guardium 10.1', 'IBM Security Guardium 10.1.2', 'IBM Security Guardium 10.1.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-1271"
}
},
"description": "IBM Security Guardium\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u6570\u636e\u4fdd\u62a4\u529f\u80fd\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u81ea\u5b9a\u4e49UI\u3001\u62a5\u544a\u7ba1\u7406\u548c\u6d41\u7ebf\u5316\u7684\u5ba1\u8ba1\u6d41\u7a0b\u6784\u5efa\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium 9.0\u7248\u672c\u30019.1\u7248\u672c\u548c9.5\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u4f7f\u7528\u6700\u5f3a\u7684\u52a0\u5bc6\u7b97\u6cd5\u6765\u4f5c\u4e3a\u4fdd\u62a4\u673a\u5236\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002",
"discovererName": "Ron Craig, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza.",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22010435",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-37593",
"openTime": "2017-12-20",
"patchDescription": "IBM Security Guardium\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u6570\u636e\u4fdd\u62a4\u529f\u80fd\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u81ea\u5b9a\u4e49UI\u3001\u62a5\u544a\u7ba1\u7406\u548c\u6d41\u7ebf\u5316\u7684\u5ba1\u8ba1\u6d41\u7a0b\u6784\u5efa\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium 9.0\u7248\u672c\u30019.1\u7248\u672c\u548c9.5\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u4f7f\u7528\u6700\u5f3a\u7684\u52a0\u5bc6\u7b97\u6cd5\u6765\u4f5c\u4e3a\u4fdd\u62a4\u673a\u5236\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "IBM Security Guardium\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2017-37593\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"IBM Security Guardium 9.0",
"IBM Security Guardium 9.1",
"IBM Security Guardium 9.5",
"IBM Security Guardium 10.0",
"IBM Security Guardium 10.0.1",
"IBM Security Guardium 10.1",
"IBM Security Guardium 10.1.2",
"IBM Security Guardium 10.1.3"
]
},
"referenceLink": "http://www.securityfocus.com/bid/102034",
"serverity": "\u4e2d",
"submitTime": "2017-12-07",
"title": "IBM Security Guardium\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2017-37593\uff09"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…