CVE-2012-3340

{"id": "CVE-2012-3340", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-09-01T17:15:11.560", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611128", "tags": ["Broken Link"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78291", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-776"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291."}, {"lang": "es", "value": "IBM InfoSphere Guardium versiones 8.0, 8.01 y 8.2, es vulnerable a una inyecci\u00f3n de entidad externa XML, causada por una comprobaci\u00f3n inapropiada de la entrada suministrada por un usuario. Un atacante autenticado remoto podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n confidencial. IBM X-Force ID: 78291"}], "lastModified": "2020-09-03T19:42:32.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_guardium:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5F2BF5E-BFAD-4F09-92AA-409E2B3CFA76"}, {"criteria": "cpe:2.3:a:ibm:infosphere_guardium:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFDA718C-3179-414E-9D47-A2F8A31C978F"}, {"criteria": "cpe:2.3:a:ibm:infosphere_guardium:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36B8FA25-B5FA-4623-A703-D9F0CCD8BB65"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}