MULTIPLE VULNERABILITIES IN IBM SECURITY GUARDIUM INSIGHTS COULD ALLOW FOR PROGRAM COMPROMISE
Summary: This MS-ISAC advisory is included to advise users of vulnerabilities that affect a network monitoring platform for anomalies. Users of this platform are advised to install patches and use best practices for network security.
Posted Date: 08/24/2020
Published Date: 08/24/2020
Source: MS-ISAC
Sector : Information Technology
TLP: WHITE
MS-ISAC CYBERSECURITY ADVISORY
MS-ISAC ADVISORY NUMBER: 2020-120
DATE(S) ISSUED: 08/24/2020
SUBJECT: Multiple Vulnerabilities in IBM Security Guardium Insights Could Allow for Program Compromise
OVERVIEW:
Multiple vulnerabilities have been discovered in IBM Security Guardium Insights, the most severe of which could allow for the program to become compromised. IBM Security Guardium Insights is a program developed to monitor traffic traveling across the network to protect against data leakage and maintain data integrity. Successful exploitation of the most severe of these vulnerabilities could allow for a remote attacker to compromise the application. This could lead to data leakage or depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
THREAT INTELLIGENCE: There are currently no reports of this vulnerability being exploited in the wild.
SYSTEMS AFFECTED:
- IBM Security Guardium Insights 2.0.1
RISK:
Government:
- Large and medium government entities: High
- Small government entities: Medium
Businesses:
- Large and medium business entities: High
- Small business entities: Medium
Home users: N/A
TECHNICAL SUMMARY:
Multiple Vulnerabilities have been discovered in IBM Security Guardium Insights, the most severe of which could allow for the program to become compromised. Details of these vulnerabilities are as follows:
- A clickjacking vulnerability exists that allows a remote attacker to hijack a victim’s click actions. (CVE-2020-4165)
- An open redirect vulnerability exists that could allow a remote attacker to compromise the application. (CVE-2020-4598)
Successful exploitation of the most severe of these vulnerabilities could allow for a remote attacker to compromise the application. This could lead to data leakage or depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate patches provided from IBM to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
- Apply the Principle of Least Privilege to all systems and services
REFERENCES:
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4598
IBM:
https://www.ibm.com/support/pages/node/6320069
https://www.ibm.com/support/pages/node/6320061
