Vulnerability-Lookup

CVE-2017-1601 (GCVE-0-2017-1601)

Vulnerability from cvelistv5 – Published: 2018-05-02 13:00 – Updated: 2024-08-05 13:39

Summary

IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.

Severity

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

ibm

References

3 references

URL	Tags
http://www.ibm.com/support/docview.wss?uid=swg22014230	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.securitytracker.com/id/1040899	vdb-entryx_refsource_SECTRACK

Date Public

2018-04-27 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014230"
          },
          {
            "name": "ibm-guardium-cve20171601-info-disc(132624)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
          },
          {
            "name": "1040899",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040899"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-11T09:57:01.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22014230"
        },
        {
          "name": "ibm-guardium-cve20171601-info-disc(132624)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
        },
        {
          "name": "1040899",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040899"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1601",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014230",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014230"
            },
            {
              "name": "ibm-guardium-cve20171601-info-disc(132624)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
            },
            {
              "name": "1040899",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040899"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1601",
    "datePublished": "2018-05-02T13:00:00.000Z",
    "dateReserved": "2016-11-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T13:39:31.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-1601",
      "date": "2026-06-03",
      "epss": "0.00502",
      "percentile": "0.66391"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-1601\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-05-02T13:29:00.287\",\"lastModified\":\"2024-11-21T03:22:07.833\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.\"},{\"lang\":\"es\",\"value\":\"En IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4, Database Activity Monitor no pide que los usuarios tengan contrase\u00f1as fuertes por defecto, lo que hace que sea m\u00e1s f\u00e1cil que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 132624.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-521\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29D81340-4C19-4425-8C66-49DD3455EDFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA18ADA-7A89-4DE1-B69C-CB687B8EEEFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"812ADB6B-451E-41E6-938A-D21E97FB5014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05019805-EF93-4ECC-B49F-863D3933274B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A67C9351-52F7-437B-B947-BEDCE449C177\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02D12512-3BA9-42A3-85A9-9E2A3900FE84\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22014230\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1040899\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/132624\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22014230\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1040899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/132624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2018-09231

Vulnerability from cnvd - Published: 2018-05-09

Title

IBM Security Guardium信息泄露漏洞（CNVD-2018-09231）

Description

IBM Security Guardium是美国IBM公司的一套提供数据保护功能的平台。该平台包括自定义UI、报告管理和流线化的审计流程构建等功能。 IBM Security Guardium中存在安全漏洞，该漏洞源于程序没有默认要求用户使用保密性较强的密码。攻击者可利用该漏洞控制用户账户。

Severity

中

Patch Name

IBM Security Guardium信息泄露漏洞（CNVD-2018-09231）的补丁

Patch Description

IBM Security Guardium是美国IBM公司的一套提供数据保护功能的平台。该平台包括自定义UI、报告管理和流线化的审计流程构建等功能。 IBM Security Guardium中存在安全漏洞，该漏洞源于程序没有默认要求用户使用保密性较强的密码。攻击者可利用该漏洞控制用户账户。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg22014230

Reference

http://www.ibm.com/support/docview.wss?uid=swg22014230

Impacted products

Name
IBM Security Guardium >=10.1，<=10.1.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1601"
    }
  },
  "description": "IBM Security Guardium\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u6570\u636e\u4fdd\u62a4\u529f\u80fd\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u81ea\u5b9a\u4e49UI\u3001\u62a5\u544a\u7ba1\u7406\u548c\u6d41\u7ebf\u5316\u7684\u5ba1\u8ba1\u6d41\u7a0b\u6784\u5efa\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u9ed8\u8ba4\u8981\u6c42\u7528\u6237\u4f7f\u7528\u4fdd\u5bc6\u6027\u8f83\u5f3a\u7684\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u8d26\u6237\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22014230",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09231",
  "openTime": "2018-05-09",
  "patchDescription": "IBM Security Guardium\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u6570\u636e\u4fdd\u62a4\u529f\u80fd\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u81ea\u5b9a\u4e49UI\u3001\u62a5\u544a\u7ba1\u7406\u548c\u6d41\u7ebf\u5316\u7684\u5ba1\u8ba1\u6d41\u7a0b\u6784\u5efa\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u9ed8\u8ba4\u8981\u6c42\u7528\u6237\u4f7f\u7528\u4fdd\u5bc6\u6027\u8f83\u5f3a\u7684\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u8d26\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security Guardium\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-09231\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "IBM Security Guardium \u003e=10.1\uff0c\u003c=10.1.4"
  },
  "referenceLink": "http://www.ibm.com/support/docview.wss?uid=swg22014230",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-04",
  "title": "IBM Security Guardium\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-09231\uff09"
}

FKIE_CVE-2017-1601

Vulnerability from fkie_nvd - Published: 2018-05-02 13:29 - Updated: 2024-11-21 03:22

Severity

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22014230	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1040899	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/132624	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22014230	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040899	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/132624	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	security_guardium_database_activity_monitor	10.0
ibm	security_guardium_database_activity_monitor	10.0.1
ibm	security_guardium_database_activity_monitor	10.1
ibm	security_guardium_database_activity_monitor	10.1.2
ibm	security_guardium_database_activity_monitor	10.1.3
ibm	security_guardium_database_activity_monitor	10.1.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29D81340-4C19-4425-8C66-49DD3455EDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA18ADA-7A89-4DE1-B69C-CB687B8EEEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "812ADB6B-451E-41E6-938A-D21E97FB5014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "05019805-EF93-4ECC-B49F-863D3933274B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67C9351-52F7-437B-B947-BEDCE449C177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "02D12512-3BA9-42A3-85A9-9E2A3900FE84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624."
    },
    {
      "lang": "es",
      "value": "En IBM Security Guardium 10.0, 10.0.1 y 10.1 hasta la 10.1.4, Database Activity Monitor no pide que los usuarios tengan contrase\u00f1as fuertes por defecto, lo que hace que sea m\u00e1s f\u00e1cil que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 132624."
    }
  ],
  "id": "CVE-2017-1601",
  "lastModified": "2024-11-21T03:22:07.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-02T13:29:00.287",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014230"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040899"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GM6Q-QV7Q-5GGV

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-1601"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-521"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-02T13:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.",
  "id": "GHSA-gm6q-qv7q-5ggv",
  "modified": "2022-05-13T01:44:04Z",
  "published": "2022-05-13T01:44:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1601"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22014230"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040899"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-1601

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-1601

Aliases

CVE-2017-1601

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-1601",
    "description": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.",
    "id": "GSD-2017-1601"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-1601"
      ],
      "details": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.",
      "id": "GSD-2017-1601",
      "modified": "2023-12-13T01:21:11.787616Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2017-1601",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=swg22014230",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22014230"
          },
          {
            "name": "ibm-guardium-cve20171601-info-disc(132624)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
          },
          {
            "name": "1040899",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040899"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1601"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-521"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-guardium-cve20171601-info-disc(132624)",
              "refsource": "XF",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22014230",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22014230"
            },
            {
              "name": "1040899",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040899"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-05-02T13:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-1601 (GCVE-0-2017-1601)

CNVD-2018-09231

FKIE_CVE-2017-1601

GHSA-GM6Q-QV7Q-5GGV

GSD-2017-1601

Tags

Sightings

Nomenclature