cvelistv5 - cve-2017-1266

CVE-2017-1266 (GCVE-0-2017-1266)

Vulnerability from cvelistv5 – Published: 2017-12-20 18:00 – Updated: 2024-09-17 03:53

Summary

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.

Severity ?

No CVSS data available.

CWE

Gain Access

Assigner

ibm

References

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg22011516	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	Security Guardium	Affected: 10.0 Affected: 10.0.1 Affected: 10.1 Affected: 10.1.2 Affected: 10.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22011516"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Security Guardium",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0"
            },
            {
              "status": "affected",
              "version": "10.0.1"
            },
            {
              "status": "affected",
              "version": "10.1"
            },
            {
              "status": "affected",
              "version": "10.1.2"
            },
            {
              "status": "affected",
              "version": "10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2017-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-20T17:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22011516"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-12-18T00:00:00",
          "ID": "CVE-2017-1266",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Guardium",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0"
                          },
                          {
                            "version_value": "10.0.1"
                          },
                          {
                            "version_value": "10.1"
                          },
                          {
                            "version_value": "10.1.2"
                          },
                          {
                            "version_value": "10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22011516",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22011516"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1266",
    "datePublished": "2017-12-20T18:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:53:05.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"552A0A69-388F-4842-A882-78F267D4BF09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9ACD03A-8D4C-4B94-81AB-D1BBD41E0182\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_guardium:10.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A60EABED-C8D2-4D84-9EE2-80397057DBBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45E6B962-F8F8-4979-BC76-AE0B16EEB082\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_guardium:10.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0057282B-A778-4B71-97EC-D054B1EF96A4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.\"}, {\"lang\": \"es\", \"value\": \"IBM Security Guardium 10.0 especifica permisos para un recurso cr\\u00edtico para la seguridad de forma que permite que ese recurso sea le\\u00eddo o modificado por actores no planeados. IBM X-Force ID: 124741.\"}]",
      "id": "CVE-2017-1266",
      "lastModified": "2024-11-21T03:21:36.330",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:N\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-12-20T18:29:00.433",
      "references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22011516\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/124741\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22011516\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/124741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-1266\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2017-12-20T18:29:00.433\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.\"},{\"lang\":\"es\",\"value\":\"IBM Security Guardium 10.0 especifica permisos para un recurso cr\u00edtico para la seguridad de forma que permite que ese recurso sea le\u00eddo o modificado por actores no planeados. IBM X-Force ID: 124741.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"552A0A69-388F-4842-A882-78F267D4BF09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9ACD03A-8D4C-4B94-81AB-D1BBD41E0182\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A60EABED-C8D2-4D84-9EE2-80397057DBBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45E6B962-F8F8-4979-BC76-AE0B16EEB082\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:10.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0057282B-A778-4B71-97EC-D054B1EF96A4\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22011516\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/124741\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22011516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/124741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2017-37871

Vulnerability from cnvd - Published: 2017-12-22

Title

IBM Security Guardium资源错误漏洞

Description

IBM Security Guardium是美国IBM公司的一套提供数据保护功能的平台。该平台包括自定义UI、报告管理和流线化的审计流程构建等功能。 IBM Security Guardium中存在资源错误漏洞。攻击者可利用该漏洞读取或更改资源。

Severity

中

Patch Name

IBM Security Guardium资源错误漏洞的补丁

Patch Description

IBM Security Guardium是美国IBM公司的一套提供数据保护功能的平台。该平台包括自定义UI、报告管理和流线化的审计流程构建等功能。 IBM Security Guardium中存在资源错误漏洞。攻击者可利用该漏洞读取或更改资源。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg22011516

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg22011516

Impacted products

Name
['IBM Security Guardium 10.0', 'IBM Security Guardium 10.0.1', 'IBM Security Guardium 10.1', 'IBM Security Guardium 10.1.2', 'IBM Security Guardium 10.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1266"
    }
  },
  "description": "IBM Security Guardium\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u6570\u636e\u4fdd\u62a4\u529f\u80fd\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u81ea\u5b9a\u4e49UI\u3001\u62a5\u544a\u7ba1\u7406\u548c\u6d41\u7ebf\u5316\u7684\u5ba1\u8ba1\u6d41\u7a0b\u6784\u5efa\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium\u4e2d\u5b58\u5728\u8d44\u6e90\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6216\u66f4\u6539\u8d44\u6e90\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22011516",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37871",
  "openTime": "2017-12-22",
  "patchDescription": "IBM Security Guardium\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u6570\u636e\u4fdd\u62a4\u529f\u80fd\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u81ea\u5b9a\u4e49UI\u3001\u62a5\u544a\u7ba1\u7406\u548c\u6d41\u7ebf\u5316\u7684\u5ba1\u8ba1\u6d41\u7a0b\u6784\u5efa\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium\u4e2d\u5b58\u5728\u8d44\u6e90\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6216\u66f4\u6539\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security Guardium\u8d44\u6e90\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Security Guardium 10.0",
      "IBM Security Guardium 10.0.1",
      "IBM Security Guardium 10.1",
      "IBM Security Guardium 10.1.2",
      "IBM Security Guardium 10.1.3"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg22011516",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-22",
  "title": "IBM Security Guardium\u8d44\u6e90\u9519\u8bef\u6f0f\u6d1e"
}

GHSA-WH4V-7H3G-H264

Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42

Details

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.

Severity ?

5.4 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-1266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-20T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.",
  "id": "GHSA-wh4v-7h3g-h264",
  "modified": "2022-05-13T01:42:44Z",
  "published": "2022-05-13T01:42:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1266"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22011516"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-1266

Vulnerability from fkie_nvd - Published: 2017-12-20 18:29 - Updated: 2025-04-20 01:37

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22011516	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/124741	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22011516	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/124741	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	security_guardium	10.0
ibm	security_guardium	10.0.1
ibm	security_guardium	10.1.0
ibm	security_guardium	10.1.2
ibm	security_guardium	10.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "552A0A69-388F-4842-A882-78F267D4BF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9ACD03A-8D4C-4B94-81AB-D1BBD41E0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60EABED-C8D2-4D84-9EE2-80397057DBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E6B962-F8F8-4979-BC76-AE0B16EEB082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0057282B-A778-4B71-97EC-D054B1EF96A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741."
    },
    {
      "lang": "es",
      "value": "IBM Security Guardium 10.0 especifica permisos para un recurso cr\u00edtico para la seguridad de forma que permite que ese recurso sea le\u00eddo o modificado por actores no planeados. IBM X-Force ID: 124741."
    }
  ],
  "id": "CVE-2017-1266",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-20T18:29:00.433",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22011516"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22011516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2025-1359

Vulnerability from csaf_certbund - Published: 2025-06-19 22:00 - Updated: 2025-06-19 22:00

Summary

IBM Security Guardium: Schwachstelle ermöglicht Offenlegung oder Manipulation von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM Security Guardium ausnutzen, um Informationen offenzulegen oder zu manipulieren.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "niedrig"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM Security Guardium ausnutzen, um Informationen offenzulegen oder zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1359 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1359.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1359 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1359"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 301167 vom 2025-06-19",
        "url": "https://www.ibm.com/support/pages/node/301167"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Security Guardium: Schwachstelle erm\u00f6glicht Offenlegung oder Manipulation von Informationen",
    "tracking": {
      "current_release_date": "2025-06-19T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-20T10:09:01.604+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1359",
      "initial_release_date": "2025-06-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-06-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=10.1.3",
                "product": {
                  "name": "IBM Security Guardium \u003c=10.1.3",
                  "product_id": "T044740"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=10.1.3",
                "product": {
                  "name": "IBM Security Guardium \u003c=10.1.3",
                  "product_id": "T044740-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.1.4",
                "product": {
                  "name": "IBM Security Guardium \u003c10.1.4",
                  "product_id": "T044741"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.4",
                "product": {
                  "name": "IBM Security Guardium 10.1.4",
                  "product_id": "T044741-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:10.1.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Guardium"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-1266",
      "product_status": {
        "known_affected": [
          "T044741"
        ],
        "last_affected": [
          "T044740"
        ]
      },
      "release_date": "2025-06-19T22:00:00.000+00:00",
      "title": "CVE-2017-1266"
    }
  ]
}

GSD-2017-1266

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.

Aliases

CVE-2017-1266

Aliases

CVE-2017-1266

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-1266",
    "description": "IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.",
    "id": "GSD-2017-1266"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-1266"
      ],
      "details": "IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.",
      "id": "GSD-2017-1266",
      "modified": "2023-12-13T01:21:12.178550Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2017-12-18T00:00:00",
        "ID": "CVE-2017-1266",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Security Guardium",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "10.0"
                        },
                        {
                          "version_value": "10.0.1"
                        },
                        {
                          "version_value": "10.1"
                        },
                        {
                          "version_value": "10.1.2"
                        },
                        {
                          "version_value": "10.1.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Gain Access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=swg22011516",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22011516"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium:10.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1266"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124741"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22011516",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22011516"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-12-20T18:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-1266 (GCVE-0-2017-1266)

CNVD-2017-37871

GHSA-WH4V-7H3G-H264

FKIE_CVE-2017-1266

WID-SEC-W-2025-1359

GSD-2017-1266

Tags

Sightings

Nomenclature