Attackers could tamper with IBM Security Access Manager backend database
There are important security updates for IBM Security Access Manager and Security Guardium Insights.
Attackers could target systems running IBM’s access management solution Security Access Manager. The data monitoring software Security Guardium Insights could also let attackers onto computers. Security updates are available for download.
According to an advisory, attackers could use an SQL injection attack to manipulate the backend database. The vulnerability (CVE-2022-24407) has a threat level of “high”.
Install safe versions
Two other vulnerabilities (CVE-2022-25709 “high”, CVE-2022-25710 “high”) relate to the OpenLDAP network protocol. Attackers could launch DoS attacks there. The developers state that they have closed the vulnerabilities in IBM Security Access Manager 9.0.7.2-ISS-ISAM-IF0004.
IBM Security Guardium Insights is affected by multiple vulnerabilities. The majority are classified as “medium”. After successful attacks, attackers could gain unauthorized access to data. According to an advisory, the repaired version 2.0.2 should be protected against the attacks.