Of particular note in this case is that there is evidence to suggest a PoC (Proof-of-Concept) exists for three of the vulnerabilities in the report.
What is PoC?
PoC, or Proof-of-Concept, is an information security term for a working demonstration that a security flaw can actually be exploited. A PoC may be written by the researcher who found the flaw or by a threat actor; once one is public, the gap between disclosure and real-world attacks typically narrows sharply.
IBM Security Guardium is Vulnerable
Technical analysis by security researchers has confirmed that a PoC is available for three of the vulnerabilities, all of which stem from security holes in an open-source component bundled with the product: the FasterXML Jackson library. Specifically, IBM's advisory identifies them as jackson-databind vulnerabilities. These findings mean that systems running unpatched versions of IBM Security Guardium can be completely compromised by a remote attacker.
About IBM Security Guardium
IBM Security Guardium is an enterprise-grade, scalable data protection solution that, in IBM's words, "prevents leaks from databases, data warehouses and Big Data environments such as Hadoop, ensures the integrity of information and automates compliance controls across heterogeneous environments." IBM is a key player in database security, and Security Guardium is its flagship data security product, used across sectors such as large enterprises, healthcare, education, industry and government.
Technical Analysis of The Three Vulnerabilities
There is a PoC for the exploitation of three vulnerabilities: CVE-2020-36188, CVE-2020-36184 and CVE-2020-36180. All three are of the vulnerability type 'Deserialization of Untrusted Data' and affect FasterXML jackson-databind 2.x before 2.9.10.8. The root cause is the same in each case: when jackson-databind is configured for polymorphic type handling (so-called default typing), it reads a fully-qualified class name from the JSON it is parsing and instantiates that class, populating it from attacker-supplied fields. jackson-databind maintains a blocklist of known dangerous "gadget" classes, and each of these CVEs is one more gadget class that was missing from the blocklist. For all three vulnerabilities, a remote attacker who can submit crafted JSON to the application can execute arbitrary code on the target system; successful exploitation may result in the complete compromise of a vulnerable system.
CVE-2020-36188
The vulnerability allows a remote attacker to execute arbitrary code on the target system. It exists because jackson-databind mishandles the interaction between serialization gadgets and polymorphic typing when deserializing untrusted data that names the class com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36184
The vulnerability allows a remote attacker to execute arbitrary code on the target system. It exists because jackson-databind mishandles the interaction between serialization gadgets and polymorphic typing when deserializing untrusted data that names the class org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36180
The vulnerability allows a remote attacker to execute arbitrary code on the target system. It exists because jackson-databind mishandles the interaction between serialization gadgets and polymorphic typing when deserializing untrusted data that names the class org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
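The following Java program is an added example, not code from IBM, FasterXML or the original article. It shows the shared mechanism behind all three CVEs: a jackson-databind ObjectMapper with global default typing enabled lets the JSON, rather than the application, decide which class gets instantiated, and a hardened mapper using an explicit allowlist refuses a gadget type id before any constructor or setter of that class runs. The classes Note and Envelope, the constructed JSON strings and the method names are assumptions made for this example; it assumes jackson-databind 2.10 or later on the classpath (the allowlist API does not exist in older 2.9.x releases, which is one more reason those releases are the ones that need patching).

```java
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingDemo {

    // Harmless bean standing in for an attacker-chosen class (constructed for this example).
    public static class Note {
        public String text;
    }

    // A field declared as Object is what makes jackson consult the type id embedded in
    // the JSON once default typing is active: the input picks the class, not the code.
    public static class Envelope {
        public Object payload;
    }

    // Constructed input. Default typing uses WRAPPER_ARRAY form: the first element is the
    // fully-qualified class name to instantiate, the second element its properties.
    static final String BENIGN_JSON =
        "{\"payload\":[\"DefaultTypingDemo$Note\",{\"text\":\"hello\"}]}";

    // Same shape, but naming the gadget class from CVE-2020-36188. Only the type id
    // matters for this demonstration; no gadget properties are supplied.
    static final String GADGET_JSON =
        "{\"payload\":[\"com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource\",{}]}";

    // VULNERABLE: pre-2.10 style global default typing. Any loadable class named in the
    // JSON is instantiated unless it is on jackson's built-in blocklist; the three
    // classes in the CVEs were missing from that blocklist before 2.9.10.8.
    @SuppressWarnings("deprecation")
    static ObjectMapper vulnerableMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // HARDENED: if polymorphic typing is needed at all, activate it with an explicit
    // allowlist (jackson-databind 2.10+). A type id that is not allowed is rejected at
    // resolution time, before the named class is constructed or populated.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType(Note.class)
            .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Returns the class jackson instantiated for 'payload', or null if it refused
    // (missing class or validator denial both surface as a JsonProcessingException).
    static String resolvedPayloadClass(ObjectMapper mapper, String json) {
        try {
            Envelope e = mapper.readValue(json, Envelope.class);
            return e.payload == null ? null : e.payload.getClass().getName();
        } catch (JsonProcessingException ex) {
            return null;
        }
    }

    public static void main(String[] args) {
        // With the vulnerable mapper, the class name in the JSON is honoured as-is.
        System.out.println("vulnerable mapper, benign id: "
            + resolvedPayloadClass(vulnerableMapper(), BENIGN_JSON));
        // The allowlisted type still deserializes with the hardened mapper.
        System.out.println("hardened mapper, benign id:   "
            + resolvedPayloadClass(hardenedMapper(), BENIGN_JSON));
        // The gadget type id is refused by the hardened mapper.
        System.out.println("hardened mapper, gadget id:   "
            + resolvedPayloadClass(hardenedMapper(), GADGET_JSON));
    }
}
```

The safest configuration is to not enable default typing at all and to never declare deserialization targets as Object or another wide base type fed from untrusted input; the allowlist shown is the fallback when polymorphism is genuinely required. Note that the blocklist approach that these CVE fixes extend is inherently reactive, which is why each newly discovered gadget class on the classpath becomes a fresh CVE until the library is updated.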
Vulnerable Software Versions
The following versions of IBM Security Guardium are vulnerable to the above threats: IBM Security Guardium 11.0, 11.1, 11.2 and 11.3.
Important User Information
Patches have been released that update the bundled FasterXML jackson-databind library and remediate the above security holes. The security fixes for each affected version of IBM Security Guardium are as follows:
V11.0
V11.1
V11.2
V11.3