CVE-2023-30437 - OpenCVE

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Security Guardium

Configuration 1 [-]

OR	cpe:2.3:a:ibm:security_guardium:11.3:::::::*
	cpe:2.3:a:ibm:security_guardium:11.4:::::::*
	cpe:2.3:a:ibm:security_guardium:11.5:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/252293
https://www.ibm.com/support/pages/node/7028506

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2023-08-27T22:24:41.341Z

Updated: 2024-08-02T14:21:44.814Z

Reserved: 2023-04-08T15:56:20.544Z

Link: CVE-2023-30437

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-27T23:15:34.117

Modified: 2023-08-29T04:43:25.400

Link: CVE-2023-30437

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30437", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-04-08T15:56:20.544Z", "datePublished": "2023-08-27T22:24:41.341Z", "dateUpdated": "2024-08-02T14:21:44.814Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Security Guardium", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.3, 11.4, 11.5"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293."}], "value": "IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "204 Response Discrepancy Information Exposure", "lang": "en"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2023-08-27T22:24:41.341Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7028506"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252293"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Security Guardium information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:21:44.814Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7028506"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252293"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_guardium:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "FBEB866D-1959-41C9-858F-24C05D20E332", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_guardium:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "B9329F08-2AA4-4126-9A7F-1EEBB25A6C1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_guardium:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4F327AB-9F53-402C-9BFA-F66F20A83B40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293."}, {"lang": "es", "value": "IBM Security Guardium 11.3, 11.4 y 11.5 podr\u00eda permitir a un usuario no autorizado enumerar nombres de usuario enviando una solicitud HTTP especialmente manipulada. ID de IBM X-Force: 252293. "}], "id": "CVE-2023-30437", "lastModified": "2023-08-29T04:43:25.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2023-08-27T23:15:34.117", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252293"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7028506"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}