A vulnerability classified as critical has been found in IBM Security Guardium Insights 2.0.1 (Policy Management Software). This affects some unknown functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-269. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.

The weakness was disclosed 08/27/2020 (Website). It is possible to read the advisory at ibm.com. This vulnerability is uniquely identified as CVE-2020-4603 since 12/30/2019. The exploitability is told to be difficult. It is possible to initiate the attack remotely. A authentication is required for exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 11/11/2020). It is expected to see the exploit prices for this product increasing in the near future.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at X-Force (184880). The entries 160399, 160400, 160401 and 160402 are pretty similar.

Productinfoedit

Type

• Policy Management Software

Vendor

• IBM

Name

• Security Guardium Insights

CPE 2.3infoedit

• 🔒

CPE 2.2infoedit

• 🔒

CVSSv3infoedit

CVSSv2infoedit

Exploitinginfoedit

Threat Intelligenceinfoedit

Countermeasuresinfoedit

Timelineinfoedit

Sourcesinfoedit

Entryinfoedit

Comments