CVE-2012-3336

8.8 HIGH

📋 TL;DR

CVE-2012-3336 is an SQL injection vulnerability in IBM InfoSphere Guardium that allows authenticated remote attackers to execute arbitrary SQL commands. This could lead to unauthorized viewing, modification, or deletion of database information. Affected versions include Guardium 8.0, 8.01, and 8.2.

💻 Affected Systems

Products:
  • IBM InfoSphere Guardium
Versions: 8.0, 8.01, 8.2
Operating Systems: Not OS-specific - affects Guardium application
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to vulnerable scripts. Affects multiple scripts according to advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Guardium database, allowing data theft, modification, or deletion, and potential privilege escalation to full system control.

🟠 Likely Case

Unauthorized access to sensitive audit data, configuration information, or user credentials stored in the Guardium database.

🟢 If Mitigated

Limited impact due to network segmentation, proper authentication controls, and input validation at other layers.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit once identified. Requires authenticated access to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as specified in IBM advisory APAR IC84966

Vendor Advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21611130

Restart Required: Yes

Instructions:

1. Review IBM advisory APAR IC84966.
2. Apply the recommended fix for your Guardium version.
3. Restart Guardium services.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to Guardium management interfaces to only authorized administrative networks

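Use firewall rules to limit access to Guardium ports (e.g., iptables -A INPUT -s trusted_network -p tcp --dport guardium_port -j ACCEPT). Here trusted_network and guardium_port are placeholders for your administrative network and the port your Guardium interface listens on. An ACCEPT rule restricts access only when a later rule or the chain's default policy drops all other traffic to that port.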

Input Validation Enhancement

all

Implement additional input validation at web application layer if possible

🧯 If You Can't Patch

  • Implement strict network access controls to limit which systems can communicate with Guardium
  • Monitor Guardium logs for unusual SQL query patterns or unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the Guardium version via the administrative interface or the command line. If the system is running 8.0, 8.01, or 8.2 without the fix, it is vulnerable.

Check Version:

grep -i version /opt/IBM/Guardium/version.txt or check via Guardium web interface

Verify Fix Applied:

Verify that the fix is applied by checking the version/patch level in the Guardium admin console and comparing it against IBM advisory APAR IC84966.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in Guardium logs
  • Multiple failed authentication attempts followed by SQL errors
  • Unexpected database modifications

Network Indicators:

  • Unusual traffic patterns to Guardium database ports
  • SQL injection patterns in HTTP requests to Guardium

SIEM Query:

source="guardium" AND ("sql injection" OR "unusual query" OR "syntax error")
