ID

VAR-201802-0679


CVE

CVE-2018-1368


TITLE

IBM Security Guardium Database Activity Monitor Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-001822

DESCRIPTION

IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765. IBM Security Guardium Database Activity Monitor Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability IBM X-Force ID: 137765 It is released as.Information may be obtained and information may be altered. The product provides features such as compliance automation and protection against internal and external threats. An authorization vulnerability exists in the IBM SecurityGuardiumDatabaseActivityMonitor 9.0, 9.1, and 9.5 releases that caused the program to fail to perform sufficient authorization detection

Trust: 2.25

sources: NVD: CVE-2018-1368 // JVNDB: JVNDB-2018-001822 // CNVD: CNVD-2018-03874 // VULMON: CVE-2018-1368

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-03874

AFFECTED PRODUCTS

vendor:ibmmodel:security guardium database activity monitorscope:eqversion:9.0

Trust: 2.4

vendor:ibmmodel:security guardium database activity monitorscope:eqversion:9.1

Trust: 2.4

vendor:ibmmodel:security guardium database activity monitorscope:eqversion:9.5

Trust: 2.4

vendor:ibmmodel:security guardiumscope:eqversion:9.0

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:9.1

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:9.5

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.0

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.0.1

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.1

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.1.2

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.1.3

Trust: 0.6

vendor:ibmmodel:security guardiumscope:eqversion:10.1.4

Trust: 0.6

sources: CNVD: CNVD-2018-03874 // JVNDB: JVNDB-2018-001822 // CNNVD: CNNVD-201802-342 // NVD: CVE-2018-1368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1368
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1368
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-03874
value: LOW

Trust: 0.6

CNNVD: CNNVD-201802-342
value: MEDIUM

Trust: 0.6

VULMON: CVE-2018-1368
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-1368
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-03874
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-1368
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03874 // VULMON: CVE-2018-1368 // JVNDB: JVNDB-2018-001822 // CNNVD: CNNVD-201802-342 // NVD: CVE-2018-1368

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-001822 // NVD: CVE-2018-1368

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201802-342

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201802-342

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001822

PATCH

title:2013302url:http://www-01.ibm.com/support/docview.wss?uid=swg22013302

Trust: 0.8

title:Patch for IBMSecurityGuardiumDatabaseActivityMonitor Authorization Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/119355

Trust: 0.6

title:IBM Security Guardium Database Activity Monitor Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78437

Trust: 0.6

sources: CNVD: CNVD-2018-03874 // JVNDB: JVNDB-2018-001822 // CNNVD: CNNVD-201802-342

EXTERNAL IDS

db:NVDid:CVE-2018-1368

Trust: 3.1

db:SECTRACKid:1040349

Trust: 1.7

db:JVNDBid:JVNDB-2018-001822

Trust: 0.8

db:CNVDid:CNVD-2018-03874

Trust: 0.6

db:CNNVDid:CNNVD-201802-342

Trust: 0.6

db:VULMONid:CVE-2018-1368

Trust: 0.1

sources: CNVD: CNVD-2018-03874 // VULMON: CVE-2018-1368 // JVNDB: JVNDB-2018-001822 // CNNVD: CNNVD-201802-342 // NVD: CVE-2018-1368

REFERENCES

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/137765

Trust: 1.7

url:http://www.ibm.com/support/docview.wss?uid=swg22013302

Trust: 1.7

url:http://www.securitytracker.com/id/1040349

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1368

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1368

Trust: 0.8

url:http://www-01.ibm.com/support/docview.wss?uid=swg22013302

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=56767

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-03874 // VULMON: CVE-2018-1368 // JVNDB: JVNDB-2018-001822 // CNNVD: CNNVD-201802-342 // NVD: CVE-2018-1368

SOURCES

db:CNVDid:CNVD-2018-03874
db:VULMONid:CVE-2018-1368
db:JVNDBid:JVNDB-2018-001822
db:CNNVDid:CNNVD-201802-342
db:NVDid:CVE-2018-1368

LAST UPDATE DATE

2024-08-14T15:29:02.240000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-03874date:2018-02-28T00:00:00
db:VULMONid:CVE-2018-1368date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-001822date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-342date:2019-10-23T00:00:00
db:NVDid:CVE-2018-1368date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-03874date:2018-02-28T00:00:00
db:VULMONid:CVE-2018-1368date:2018-02-09T00:00:00
db:JVNDBid:JVNDB-2018-001822date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-342date:2018-02-11T00:00:00
db:NVDid:CVE-2018-1368date:2018-02-09T17:29:00.287