CVE-2017-1264 - OpenCVE

IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Security Guardium

Configuration 1 [-]

OR	cpe:2.3:a:ibm:security_guardium:10.0:::::::*
	cpe:2.3:a:ibm:security_guardium:10.0.1:::::::*
	cpe:2.3:a:ibm:security_guardium:10.1:::::::*
	cpe:2.3:a:ibm:security_guardium:10.1.2:::::::*

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=swg22004425	Vendor Advisory
http://www.securityfocus.com/bid/99369	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/124739	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2017-06-29T00:00:00

Updated: 2017-07-06T09:57:01

Reserved: 2016-11-30T00:00:00

Link: CVE-2017-1264

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-05T18:29:00.527

Modified: 2017-07-17T18:53:51.157

Link: CVE-2017-1264

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "Security Guardium", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.0"}, {"status": "affected", "version": "10.0.1"}, {"status": "affected", "version": "10.1"}, {"status": "affected", "version": "10.1.2"}]}], "datePublic": "2017-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739."}], "problemTypes": [{"descriptions": [{"description": "Bypass Security", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124739"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004425"}, {"name": "99369", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99369"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-06-29T00:00:00", "ID": "CVE-2017-1264", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Security Guardium", "version": {"version_data": [{"version_value": "10.0"}, {"version_value": "10.0.1"}, {"version_value": "10.1"}, {"version_value": "10.1.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Bypass Security"}]}]}, "references": {"reference_data": [{"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124739", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124739"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg22004425", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22004425"}, {"name": "99369", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99369"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1264", "datePublished": "2017-06-29T00:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2017-07-06T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "552A0A69-388F-4842-A882-78F267D4BF09", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9ACD03A-8D4C-4B94-81AB-D1BBD41E0182", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_guardium:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "148A8443-DF7A-42AA-8D86-128CCC1D871E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "45E6B962-F8F8-4979-BC76-AE0B16EEB082", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739."}, {"lang": "es", "value": "IBM Security Guardium 10.0 no comprueba o al menos insuficientemente que la identidad de los actores es correcta, lo que llevar\u00eda a la exposici\u00f3n de los recursos o la funcionalidad a actores accidentales. IBM X-Force ID: 124739."}], "id": "CVE-2017-1264", "lastModified": "2017-07-17T18:53:51.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-05T18:29:00.527", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004425"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99369"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124739"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}