CVE-2022-39166: IBM Security Guardium information disclosure

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-39166.

Q: What is the severity of CVE-2022-39166?

The severity of CVE-2022-39166 is medium with a severity value of 4.9.

Q: What is IBM Security Guardium?

IBM Security Guardium is a security product developed by IBM.

Q: What versions of IBM Security Guardium are affected by CVE-2022-39166?

IBM Security Guardium versions 11.4 and up to 11.5 are affected by CVE-2022-39166.

Q: How can a privileged user obtain sensitive information inside of an HTTP response in IBM Security Guardium 11.4?

The details of how a privileged user can obtain sensitive information inside of an HTTP response in IBM Security Guardium 11.4 are not provided.

Published Nov 30, 2022

Updated

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.

Other sources

IBM Security Guardium could allow a privileged user to obtain sensitive information inside of an HTTP response.

— IBM

Affected Software

4 affected components

IBM Security Guardium=11.4

IBM Security Guardium<=11.3

IBM Security Guardium<=11.4

IBM Security Guardium<=11.5

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6848317

Event History

Nov 30, 2022

CVE Published

12:00 AM

Dec 20, 2022

CVE Published

via MITRE·08:17 PM

Data Sourced

via MITRE·08:17 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6848317

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-39166.

What is the severity of CVE-2022-39166?