CVE-2020-4184: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium version 11.2 was found to contain a privilege-related vulnerability (CVE-2020-4184). The vulnerability exists because the system performs operations at privilege levels higher than necessary, which could potentially amplify the consequences of other weaknesses (IBM Advisory).

The vulnerability has been assigned a CVSS Base Score of 5.8 (Medium) with the following vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L. This indicates that the vulnerability requires adjacent network access, has high attack complexity, needs no privileges, requires no user interaction, has changed scope, and could result in low impacts to confidentiality, integrity, and availability (IBM Advisory).

The vulnerability could lead to weaknesses being created or the amplification of existing weakness consequences due to unnecessary privilege levels being used during operations (IBM Advisory).

IBM has released patches to address this vulnerability. Affected users should apply the available fixes through IBM Support Fix Central. No temporary workarounds were provided by IBM (IBM Advisory).

The vulnerability was discovered and reported by the IBM X-Force Ethical Hacking Team members Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Kamil Sarbinowski, Vince Dragnea and Troy Fisher (IBM Advisory).