CVE-2022-43909: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 11.4 was found to be vulnerable to cross-site scripting (CVE-2022-43909). The vulnerability was disclosed and documented in IBM's security advisory, allowing users to embed arbitrary JavaScript code in the Web UI, potentially compromising the intended functionality and leading to credentials disclosure within a trusted session (IBM Advisory).

The vulnerability is classified as a cross-site scripting (CWE-79) issue with a CVSS v3.1 base score of 5.4 (MEDIUM) according to NIST, and 4.6 (MEDIUM) according to IBM Corporation. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires network access, low attack complexity, low privileges, and user interaction (NVD).

The vulnerability could potentially lead to credentials disclosure within a trusted session when successfully exploited. The impact is characterized by low confidentiality and integrity impacts, with no impact on availability (IBM Advisory).

IBM has released security patches to address this vulnerability. Users are encouraged to update their systems promptly. For IBM Security Guardium 11.4, the fix is available through the patch bundle SqlGuard11.0p475Bundle_Jul-20-2023 (IBM Advisory).