IBM Support

Security Bulletin: XML External Entity (XXE) security vulnerability in InfoSphere Guardium (CVE-2012-3340)

Flashes (Alerts)


Abstract

XML External Entity (XXE) security vulnerability in InfoSphere Guardium allows remote authenticated users to obtain sensitive information via unspecified vectors.

Content

VULNERABILITY DETAILS:
CVE ID: CVE-2012-3340

DESCRIPTION:
A user can reach an error report that contains the content of a file on the server with the database password.

CVSS:
CVSS Base Score: 4.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78291 for the current score
CVSS Environmental Score*: Undefined

AFFECTED PLATFORMS:
IBM InfoSphere Guardium 8.2 and earlier

REMEDIATION:
Apply the patch for password disclosure. The patch is included within the latest GPU for each version.

As of August 24, 2012, the latest Guardium patches and GPU fixpacks for all versions are available through FixCentral.

REFERENCES:
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2012-3312

RELATED INFORMATION:
· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog

Document Information

Modified date: 25 September 2022

UID: swg21611128