Sign-up

ID

VAR-201802-0679


CVE

CVE-2018-1368


TITLE

IBM Security Guardium Database Activity Monitor Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-001822

DESCRIPTION

IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765. IBM Security Guardium Database Activity Monitor Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability IBM X-Force ID: 137765 It is released as.Information may be obtained and information may be altered. The product provides features such as compliance automation and protection against internal and external threats. An authorization vulnerability exists in the IBM SecurityGuardiumDatabaseActivityMonitor 9.0, 9.1, and 9.5 releases that caused the program to fail to perform sufficient authorization detection

Trust: 2.25

sources: NVD: CVE-2018-1368 // JVNDB: JVNDB-2018-001822 // CNVD: CNVD-2018-03874 // VULMON: CVE-2018-1368

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-03874

AFFECTED PRODUCTS

vendor:ibmmodel:security guardium database activity monitorscope:eqversion:9.0

Trust: 2.4

vendor:ibmmodel:security guardium database activity monitorscope:eqversion:9.1

Trust: 2.4

vendor:ibmmodel:security guardium database activity monitorscope:eqversion:9.5

Trust: 2.4

vendor:ibmmodel:security guardiumscope:eqversion:9.0

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:9.1

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:9.5

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.0

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.0.1

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.1

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.1.2

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.1.3

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.1.4

Trust: 0.6

sources: CNVD: CNVD-2018-03874 // JVNDB: JVNDB-2018-001822 // CNNVD: CNNVD-201802-342 // NVD: CVE-2018-1368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1368
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1368
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-03874
value: LOW

Trust: 0.6

CNNVD: CNNVD-201802-342
value: MEDIUM

Trust: 0.6

VULMON: CVE-2018-1368
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-1368
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-03874
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-1368
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03874 // VULMON: CVE-2018-1368 // JVNDB: JVNDB-2018-001822 // CNNVD: CNNVD-201802-342 // NVD: CVE-2018-1368

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-001822 // NVD: CVE-2018-1368

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201802-342

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201802-342

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001822

PATCH
title:2013302url:http://www-01.ibm.com/support/docview.wss?uid=swg22013302
Trust: 0.8
title:Patch for IBMSecurityGuardiumDatabaseActivityMonitor Authorization Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/119355
Trust: 0.6
title:IBM Security Guardium Database Activity Monitor Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78437
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-03874 // 
            
            
            
            JVNDB: JVNDB-2018-001822 // 
            
            
            
            CNNVD: CNNVD-201802-342

EXTERNAL IDS
db:NVDid:CVE-2018-1368
Trust: 3.1
db:SECTRACKid:1040349
Trust: 1.7
db:JVNDBid:JVNDB-2018-001822
Trust: 0.8
db:CNVDid:CNVD-2018-03874
Trust: 0.6
db:CNNVDid:CNNVD-201802-342
Trust: 0.6
db:VULMONid:CVE-2018-1368
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-03874 // 
            
            
            
            VULMON: CVE-2018-1368 // 
            
            
            
            JVNDB: JVNDB-2018-001822 // 
            
            
            
            CNNVD: CNNVD-201802-342 // 
            
            
            
            NVD: CVE-2018-1368

REFERENCES
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/137765
Trust: 1.7
url:http://www.ibm.com/support/docview.wss?uid=swg22013302
Trust: 1.7
url:http://www.securitytracker.com/id/1040349
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1368
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-1368
Trust: 0.8
url:http://www-01.ibm.com/support/docview.wss?uid=swg22013302
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/269.html
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=56767
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-03874 // 
            
            
            
            VULMON: CVE-2018-1368 // 
            
            
            
            JVNDB: JVNDB-2018-001822 // 
            
            
            
            CNNVD: CNNVD-201802-342 // 
            
            
            
            NVD: CVE-2018-1368

SOURCES
db:CNVDid:CNVD-2018-03874
db:VULMONid:CVE-2018-1368
db:JVNDBid:JVNDB-2018-001822
db:CNNVDid:CNNVD-201802-342
db:NVDid:CVE-2018-1368

LAST UPDATE DATE
2024-08-14T15:29:02.240000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-03874date:2018-02-28T00:00:00
db:VULMONid:CVE-2018-1368date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-001822date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-342date:2019-10-23T00:00:00
db:NVDid:CVE-2018-1368date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-03874date:2018-02-28T00:00:00
db:VULMONid:CVE-2018-1368date:2018-02-09T00:00:00
db:JVNDBid:JVNDB-2018-001822date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-342date:2018-02-11T00:00:00
db:NVDid:CVE-2018-1368date:2018-02-09T17:29:00.287