cvelistv5 - cve-2024-49336

CVE-2024-49336 (GCVE-0-2024-49336)

Vulnerability from cvelistv5

Published

2024-12-19 17:21

Modified

2025-02-26 18:03

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

References

URL

Tags

psirt@us.ibm.com

https://www.ibm.com/support/pages/node/7179369

Vendor Advisory

Impacted products

	Vendor	Product	Version
	IBM	Security Guardium	Version: 11.5, 12.0 cpe:2.3:a:ibm:security_guardium:11.5:::::::* cpe:2.3:a:ibm:security_guardium:12.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49336",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T17:50:59.170641Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T18:03:29.987Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:security_guardium:11.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:security_guardium:12.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Security Guardium",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "11.5, 12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
            }
          ],
          "value": "IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-25T11:45:45.850Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7179369"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Security Guardium server-side request forgery",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-49336",
    "datePublished": "2024-12-19T17:21:22.636Z",
    "dateReserved": "2024-10-14T12:05:13.491Z",
    "dateUpdated": "2025-02-26T18:03:29.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-49336\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-12-19T18:15:22.850\",\"lastModified\":\"2025-02-25T12:15:30.257\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.\"},{\"lang\":\"es\",\"value\":\"IBM Security Guardium 11.5 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_guardium:11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4F327AB-9F53-402C-9BFA-F66F20A83B40\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7179369\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:security_guardium:11.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:security_guardium:12.0:*:*:*:*:*:*:*\"], \"defaultStatus\": \"unaffected\", \"product\": \"Security Guardium\", \"vendor\": \"IBM\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.5, 12.0\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.\"}], \"value\": \"IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-02-25T11:45:45.850Z\"}, \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7179369\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"IBM Security Guardium server-side request forgery\", \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-49336\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-20T17:50:59.170641Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-20T17:51:11.489Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-49336\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"ibm\", \"dateReserved\": \"2024-10-14T12:05:13.491Z\", \"datePublished\": \"2024-12-19T17:21:22.636Z\", \"dateUpdated\": \"2025-02-26T18:03:29.987Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cnvd-2025-00313

Vulnerability from cnvd

Title

IBM Security Guardium服务端请求伪造漏洞

Description

IBM Security Guardium是美国国际商业机器（IBM）公司的一套提供数据保护功能的平台。该平台包括自定义UI、报告管理和流线化的审计流程构建等功能。 IBM Security Guardium 11.5版本存在服务端请求伪造漏洞，该漏洞源于产品未能正确验证用户输入，已认证的攻击者可利用该漏洞从系统发送未授权的请求，从而可能导致网络枚举或助长其他攻击。

Severity

中

Patch Name

IBM Security Guardium服务端请求伪造漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/7179369

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-49336

Impacted products

Name
IBM IBM Security Guardium 11.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-49336",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-49336"
    }
  },
  "description": "IBM Security Guardium\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u6570\u636e\u4fdd\u62a4\u529f\u80fd\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u81ea\u5b9a\u4e49UI\u3001\u62a5\u544a\u7ba1\u7406\u548c\u6d41\u7ebf\u5316\u7684\u5ba1\u8ba1\u6d41\u7a0b\u6784\u5efa\u7b49\u529f\u80fd\u3002\n\nIBM Security Guardium 11.5\u7248\u672c\u5b58\u5728\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff0c\u5df2\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u7cfb\u7edf\u53d1\u9001\u672a\u6388\u6743\u7684\u8bf7\u6c42\uff0c\u4ece\u800c\u53ef\u80fd\u5bfc\u81f4\u7f51\u7edc\u679a\u4e3e\u6216\u52a9\u957f\u5176\u4ed6\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/7179369",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-00313",
  "openTime": "2025-01-07",
  "patchDescription": "IBM Security Guardium\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u63d0\u4f9b\u6570\u636e\u4fdd\u62a4\u529f\u80fd\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u81ea\u5b9a\u4e49UI\u3001\u62a5\u544a\u7ba1\u7406\u548c\u6d41\u7ebf\u5316\u7684\u5ba1\u8ba1\u6d41\u7a0b\u6784\u5efa\u7b49\u529f\u80fd\u3002\r\n\r\nIBM Security Guardium 11.5\u7248\u672c\u5b58\u5728\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff0c\u5df2\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u7cfb\u7edf\u53d1\u9001\u672a\u6388\u6743\u7684\u8bf7\u6c42\uff0c\u4ece\u800c\u53ef\u80fd\u5bfc\u81f4\u7f51\u7edc\u679a\u4e3e\u6216\u52a9\u957f\u5176\u4ed6\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security Guardium\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM IBM Security Guardium 11.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-49336",
  "serverity": "\u4e2d",
  "submitTime": "2024-12-25",
  "title": "IBM Security Guardium\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

fkie_cve-2024-49336

Vulnerability from fkie_nvd

Published

2024-12-19 18:15

Modified

2025-02-25 12:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

References

	URL	Tags
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7179369	Vendor Advisory

Impacted products

	Vendor	Product	Version
	ibm	security_guardium	11.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_guardium:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F327AB-9F53-402C-9BFA-F66F20A83B40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
    },
    {
      "lang": "es",
      "value": "IBM Security Guardium 11.5 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques."
    }
  ],
  "id": "CVE-2024-49336",
  "lastModified": "2025-02-25T12:15:30.257",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-19T18:15:22.850",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7179369"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    }
  ]
}

ghsa-j5p5-v7rm-vgw7

Vulnerability from github

Published

2024-12-19 18:31

Modified

2024-12-19 18:31

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-49336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-19T18:15:22Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.",
  "id": "GHSA-j5p5-v7rm-vgw7",
  "modified": "2024-12-19T18:31:38Z",
  "published": "2024-12-19T18:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49336"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7179369"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2024-3724

Vulnerability from csaf_certbund

Published

2024-12-18 23:00

Modified

2024-12-18 23:00

Summary

IBM Security Guardium: Schwachstelle ermöglicht Offenlegung von Netzwerkinformationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Security Guardium ausnutzen, um Informationen über das interne Netzwerk offenzulegen und nicht näher beschriebene Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Security Guardium ausnutzen, um Informationen \u00fcber das interne Netzwerk offenzulegen und nicht n\u00e4her beschriebene Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3724 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3724.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3724 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3724"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-12-18",
        "url": "https://www.ibm.com/support/pages/node/7179369"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Security Guardium: Schwachstelle erm\u00f6glicht Offenlegung von Netzwerkinformationen",
    "tracking": {
      "current_release_date": "2024-12-18T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-19T09:12:18.548+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3724",
      "initial_release_date": "2024-12-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-12-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=11.5",
                "product": {
                  "name": "IBM Security Guardium \u003c=11.5",
                  "product_id": "T039918"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=11.5",
                "product": {
                  "name": "IBM Security Guardium \u003c=11.5",
                  "product_id": "T039918-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "Security Guardium"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-49336",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in IBM Security Guardium. Dieser Fehler existiert wegen einer unsachgem\u00e4\u00dfen Behandlung von serverseitigen Anfragen im System, wodurch eine nicht autorisierte Umleitung von Anfragen m\u00f6glich ist. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen \u00fcber das interne Netzwerk zu gewinnen oder andere, nicht n\u00e4her beschriebene Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T039918"
        ]
      },
      "release_date": "2024-12-18T23:00:00.000+00:00",
      "title": "CVE-2024-49336"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-49336 (GCVE-0-2024-49336)

Vulnerability from cvelistv5

cnvd-2025-00313

Vulnerability from cnvd

fkie_cve-2024-49336

Vulnerability from fkie_nvd

ghsa-j5p5-v7rm-vgw7

Vulnerability from github

wid-sec-w-2024-3724

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature