Multiple Vulnerabilities in IBM Security Guardium Insights Could Allow for Program Compromise

DESCRIPTION

Multiple vulnerabilities have been discovered in IBM Security Guardium Insights, the most severe of which could allow for the program to become compromised. IBM Security Guardium Insights is a program developed to monitor traffic traveling across the network to protect against data leakage and maintain data integrity. Successful exploitation of the most severe of these vulnerabilities could allow a remote attacker to compromise the application. This could lead to data leakage or, depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

IMPACT

Multiple vulnerabilities have been discovered in IBM Security Guardium Insights, the most severe of which could allow for the program to become compromised. Details of these vulnerabilities are as follows:

  • A clickjacking vulnerability exists that allows a remote attacker to hijack a victim’s click actions. (CVE-2020-4165)
  • An open redirect vulnerability exists that could allow a remote attacker to compromise the application. (CVE-2020-4598)
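Both flaws listed above are classic web-application weaknesses with well-understood server-side mitigations: clickjacking is defeated by response headers that forbid cross-origin framing, and open redirects are defeated by validating any user-supplied redirect target before following it. The following Python is an added example written for this advisory; it is not IBM's code, does not reflect how Guardium Insights is implemented, and assumes a hypothetical application host (`guardium.example.internal`) and constructed sample inputs. It shows a redirect validator that only accepts same-site paths (rejecting absolute, scheme-relative, backslash and non-HTTP targets) and a checker that reports whether a set of response headers actually blocks framing.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical application host for this example; not taken from the advisory.
APP_HOST = "guardium.example.internal"

# Response headers that tell browsers not to render the page inside a frame
# from another origin, which is what defeats clickjacking. Both are sent
# because older browsers honour only X-Frame-Options.
ANTI_CLICKJACKING_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


def safe_redirect_target(target: str, app_host: str = APP_HOST) -> str:
    """Return a same-site path for a user-supplied redirect target, or '/'.

    Only paths on the application's own host are accepted. Absolute URLs to
    other hosts, scheme-relative URLs (//host), backslash variants and non-HTTP
    schemes fall back to the application root instead of being followed.
    """
    if not target:
        return "/"
    # Some browsers treat '\' like '/' when parsing the authority, so
    # "/\evil.example" would otherwise be read as "//evil.example".
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: allow it only when it is an http(s)
        # URL whose authority is exactly our own host (no userinfo, no port).
        if parts.scheme in ("http", "https") and parts.netloc.lower() == app_host:
            return urlunsplit(("", "", parts.path or "/", parts.query, ""))
        return "/"
    # Relative target: must be a single-slash absolute path on this site.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return "/"
    return urlunsplit(("", "", parts.path, parts.query, ""))


def frame_protection_status(headers: dict) -> dict:
    """Report whether a response's headers block cross-origin framing."""
    lower = {k.lower(): v for k, v in headers.items()}
    xfo = lower.get("x-frame-options", "").strip().upper()
    csp = lower.get("content-security-policy", "")
    directives = [d.strip().lower() for d in csp.split(";")]
    frame_ancestors = next(
        (d for d in directives if d.startswith("frame-ancestors")), None
    )
    xfo_ok = xfo in ("DENY", "SAMEORIGIN")
    # frame-ancestors counts only if it does not open framing to everyone.
    csp_ok = frame_ancestors is not None and not any(
        tok in ("*", "http:", "https:") for tok in frame_ancestors.split()[1:]
    )
    return {
        "x_frame_options": xfo_ok,
        "frame_ancestors": csp_ok,
        "protected": xfo_ok or csp_ok,
    }


if __name__ == "__main__":
    # Constructed sample inputs of the kind a login handler might receive.
    for t in ["/dashboard?tab=1", "//evil.example/login", "/\\evil.example",
              "https://guardium.example.internal/reports", "javascript:alert(1)"]:
        print(f"{t!r:45} -> {safe_redirect_target(t)!r}")
    # Constructed sample responses: one hardened, one unprotected.
    print(frame_protection_status(ANTI_CLICKJACKING_HEADERS))
    print(frame_protection_status({"Content-Type": "text/html"}))
```

The validator deliberately returns the application root rather than raising, so a tampered `next` parameter degrades to a harmless landing page; the header checker is the kind of assertion worth adding to an integration test so that a hardening header cannot silently disappear from a deployment.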

Successful exploitation of the most severe of these vulnerabilities could allow a remote attacker to compromise the application. This could lead to data leakage or, depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

SYSTEM AFFECTED

  • IBM Security Guardium Insights 2.0.1

RECOMMENDATIONS

The following actions are recommended:

  • Apply appropriate patches provided by IBM to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES
