PT-2020-7216 · IBM · IBM InfoSphere Guardium
Published: 2020-09-01 · Updated: 2020-09-03
CVE-2012-3340
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM InfoSphere Guardium versions 8.0 through 8.2
Description
The issue is caused by improper validation of user-supplied input, leading to XML external entity injection. A remote authenticated attacker could exploit this to obtain sensitive information.
Recommendations
For IBM InfoSphere Guardium versions 8.0 through 8.2, consider restricting access to sensitive information and validating user input to prevent XML external entity injection until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XML Entity Expansion
Affected Products
IBM InfoSphere Guardium