
WARNING: CRITICAL VULNERABILITY IN IBM SECURITY GUARDIUM LEADS TO RCE, PATCH ASAP

Reference: Advisory #2023-99
Version: 1.0
Affected software:
IBM Security Guardium version 10.6
IBM Security Guardium version 11.3
IBM Security Guardium version 11.4
IBM Security Guardium version 11.5
Type: Remote code execution (RCE)
CVE/CVSS:
CVE-2023-35893 CVSS score: 9.9 (critical)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Sources

https://www.ibm.com/support/pages/node/7027853

Risks

By successfully exploiting CVE-2023-35893, a remote authenticated attacker could execute arbitrary commands on the system by sending a specially crafted request.

CVE-2023-35893 has a high impact on all vertices of the CIA triad (Confidentiality, Integrity, Availability).

The Centre for Cyber security Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.

Description

IBM Security Guardium is a data protection platform formerly known as IBM InfoSphere Guardium. It can be used by security teams to automatically analyze data environments considered sensitive.

CVE-2023-35893 is a command injection vulnerability caused by improper neutralization of special elements used in an OS command.

Recommended Actions

IBM recommends upgrading your software:

•    For IBM Security Guardium version 10.6, the fix is available at https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p1023_Security-Fix&includeSupersedes=0&source=fc  
•    For IBM Security Guardium version 11.3, the fix is available at https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p387_Security-Fix&includeSupersedes=0&source=fc
•    For IBM Security Guardium version 11.4, the fix is available at https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p476_Security-Fix&includeSupersedes=0&source=fc  
•    For IBM Security Guardium version 11.5, the fix is available at https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p528_Security-Fix&includeSupersedes=0&source=fc
