CVE-2022-39166: IBM Security Guardium information disclosure
First published: Wed Nov 30 2022(Updated: )
IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Guardium | =11.4 | |
| IBM Security Guardium | <=11.3 | |
| IBM Security Guardium | <=11.4 | |
| IBM Security Guardium | <=11.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-39166.
What is the severity of CVE-2022-39166?
The severity of CVE-2022-39166 is medium with a severity value of 4.9.
What is IBM Security Guardium?
IBM Security Guardium is a security product developed by IBM.
What versions of IBM Security Guardium are affected by CVE-2022-39166?
IBM Security Guardium versions 11.4 and up to 11.5 are affected by CVE-2022-39166.
How can a privileged user obtain sensitive information inside of an HTTP response in IBM Security Guardium 11.4?
The details of how a privileged user can obtain sensitive information inside of an HTTP response in IBM Security Guardium 11.4 are not provided.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/remedy
- agent/event
- agent/description
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm security guardium
- version/ibm security guardium/11.4
- version/ibm security guardium/11.3
- version/ibm security guardium/11.5