CVE-2024-49336 MEDIUM

CVE-2024-49336: IBM Security Guardium server-side request forgery

Vendor IBM
Product Security Guardium
Weakness CWE-918 · SSRF
Published December 19, 2024
Last update February 26, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

IBM Security Guardium 11.5 and 12.0 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Key dates

02 Disclosure timeline

December 19, 2024 CVE published
February 26, 2025 Record updated