cnvd - cnvd-2017-37858

cnvd-2017-37858

Vulnerability from cnvd

Title: IBM Security Guardium Database Activity Monitor SQL注入漏洞

Description:

IBM Security Guardium Database Activity Monitor是美国IBM公司的一款数据库活动监控器产品。该产品提供合规性自动化控制和防止内外部威胁等功能。

IBM Security Guardium Database Activity Monitor中存在SQL注入漏洞。远程攻击者可通过发送特制的SQL语句利用该漏洞查看、添加、更改或删除后端数据库中的信息。

Severity: 高

Patch Name: IBM Security Guardium Database Activity Monitor SQL注入漏洞的补丁

Patch Description:

IBM Security Guardium Database Activity Monitor是美国IBM公司的一款数据库活动监控器产品。该产品提供合规性自动化控制和防止内外部威胁等功能。

IBM Security Guardium Database Activity Monitor中存在SQL注入漏洞。远程攻击者可通过发送特制的SQL语句利用该漏洞查看、添加、更改或删除后端数据库中的信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg22011554

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg22011554

Impacted products

Name
['IBM Security Guardium Database Activity Monitor 10.0', 'IBM Security Guardium Database Activity Monitor 10.0.1', 'IBM Security Guardium Database Activity Monitor 10.1', 'IBM Security Guardium Database Activity Monitor 10.1.2', 'IBM Security Guardium Database Activity Monitor 10.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1757"
    }
  },
  "description": "IBM Security Guardium Database Activity Monitor\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u6570\u636e\u5e93\u6d3b\u52a8\u76d1\u63a7\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u63d0\u4f9b\u5408\u89c4\u6027\u81ea\u52a8\u5316\u63a7\u5236\u548c\u9632\u6b62\u5185\u5916\u90e8\u5a01\u80c1\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium Database Activity Monitor\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SQL\u8bed\u53e5\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u3001\u6dfb\u52a0\u3001\u66f4\u6539\u6216\u5220\u9664\u540e\u7aef\u6570\u636e\u5e93\u4e2d\u7684\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22011554",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37858",
  "openTime": "2017-12-22",
  "patchDescription": "IBM Security Guardium Database Activity Monitor\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u6570\u636e\u5e93\u6d3b\u52a8\u76d1\u63a7\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u63d0\u4f9b\u5408\u89c4\u6027\u81ea\u52a8\u5316\u63a7\u5236\u548c\u9632\u6b62\u5185\u5916\u90e8\u5a01\u80c1\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium Database Activity Monitor\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SQL\u8bed\u53e5\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770b\u3001\u6dfb\u52a0\u3001\u66f4\u6539\u6216\u5220\u9664\u540e\u7aef\u6570\u636e\u5e93\u4e2d\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security Guardium Database Activity Monitor SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Security Guardium Database Activity Monitor 10.0",
      "IBM Security Guardium Database Activity Monitor 10.0.1",
      "IBM Security Guardium Database Activity Monitor 10.1",
      "IBM Security Guardium Database Activity Monitor 10.1.2",
      "IBM Security Guardium Database Activity Monitor 10.1.3"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg22011554",
  "serverity": "\u9ad8",
  "submitTime": "2017-12-22",
  "title": "IBM Security Guardium Database Activity Monitor SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2017-1757 (GCVE-0-2017-1757)

Vulnerability from cvelistv5

Published

2017-12-20 18:00

Modified

2024-09-17 03:59

Severity ?

CWE

Data Manipulation

Summary

IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/102300	vdb-entry, x_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg22011554	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/135858	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	Security Guardium	Version: 10.0 Version: 10.0.1 Version: 10.1 Version: 10.1.2 Version: 10.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102300",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102300"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22011554"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135858"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Security Guardium",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0"
            },
            {
              "status": "affected",
              "version": "10.0.1"
            },
            {
              "status": "affected",
              "version": "10.1"
            },
            {
              "status": "affected",
              "version": "10.1.2"
            },
            {
              "status": "affected",
              "version": "10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2017-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Data Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-29T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "102300",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102300"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22011554"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135858"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-12-18T00:00:00",
          "ID": "CVE-2017-1757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Guardium",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0"
                          },
                          {
                            "version_value": "10.0.1"
                          },
                          {
                            "version_value": "10.1"
                          },
                          {
                            "version_value": "10.1.2"
                          },
                          {
                            "version_value": "10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Data Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102300",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102300"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22011554",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22011554"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135858",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135858"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1757",
    "datePublished": "2017-12-20T18:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T03:59:56.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted