OpenCVE

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/271524
https://www.ibm.com/support/pages/node/7150840

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-05-11T13:07:58.450Z

Updated: 2024-08-02T21:16:43.642Z

Reserved: 2023-11-09T11:31:13.139Z

Link: CVE-2023-47709

Vulnrichment

Updated: 2024-08-02T21:16:43.642Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T13:56:43.827

Modified: 2024-11-21T08:30:43.043

Link: CVE-2023-47709

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47709", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-11-09T11:31:13.139Z", "datePublished": "2024-05-11T13:07:58.450Z", "dateUpdated": "2024-08-02T21:16:43.642Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Security Guardium", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.3, 11.4, 11.5, 12.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524."}], "value": "IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-11T13:07:58.450Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7150840"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271524"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Security Guardium command injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47709", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-13T12:05:59.135538Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "security_guardium", "versions": [{"status": "affected", "version": "11.3"}, {"status": "affected", "version": "11.4"}, {"status": "affected", "version": "11.5"}, {"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:43.588Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.642Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7150840"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271524"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7150840", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271524", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.642Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47709", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-13T12:05:59.135538Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "security_guardium", "versions": [{"status": "affected", "version": "11.3"}, {"status": "affected", "version": "11.4"}, {"status": "affected", "version": "11.5"}, {"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T12:25:52.859Z"}}], "cna": {"title": "IBM Security Guardium command injection", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "Security Guardium", "versions": [{"status": "affected", "version": "11.3, 11.4, 11.5, 12.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7150840", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271524", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524.", "supportingMedia": [{"type": "text/html", "value": "IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-11T13:07:58.450Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47709", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:16:43.642Z", "dateReserved": "2023-11-09T11:31:13.139Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-05-11T13:07:58.450Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}