Thursday, 6 July 2017
A vulnerability, which was classified as critical, has been found in IBM Security Guardium 10.0/10.1. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-269. Impacted is confidentiality, integrity, and availability.
The weakness was presented 07/05/2017. The advisory is shared for download at ibm.com. The identification of this vulnerability is CVE-2017-1258 since 11/30/2016. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 07/06/2017).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
CVSSv3
VulDB Temp Score: ≈5.5
VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
VulDB Reliability: Low
CVSSv2
VulDB Base Score: ≈4.1 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P)VulDB Temp Score: ≈4.1 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: Medium
CPE
- cpe:/a:ibm:security_guardium:10.0
- cpe:/a:ibm:security_guardium:10.1
Exploiting
Class: Privilege escalation (CWE-269)Local: Yes
Remote: No
Availability: No
Price Prediction: steady
Current Price Estimation:
| 0-Day | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
|---|---|---|---|---|
| Today | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
Recommended: no mitigation known
0-Day Time: 0 days since found
Timeline
11/30/2016 CVE assigned07/05/2017 Advisory disclosed
07/06/2017 VulDB entry created
07/06/2017 VulDB last update
Sources
Advisory: ibm.comCVE: CVE-2017-1258 (mitre.org) (nvd.nist.org) (cvedetails.com)
Subscribe to:
Post Comments (Atom)
Sectoon
Featured post
27 good hacker documentary
In the eyes of most people, a group of hackers usually extremely boring nothing interesting people, and that if only the computer code in ...
Blog archive
Top certifications to plan in 2018 ?
0 comments:
Post a comment