CVE-2022-43910: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 11.3 contains a critical privilege escalation vulnerability (CVE-2022-43910) that could allow a local user to escalate their privileges due to improper permission controls. The vulnerability was discovered in October 2022 and affects IBM Security Guardium version 11.3 and its Linux kernel components (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH (NVD) and 8.4 HIGH (IBM), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability stems from improper permission controls in the system, requiring local access but no user interaction for exploitation. The weakness has been categorized as CWE-281 (Improper Preservation of Permissions) (NVD).

If successfully exploited, this vulnerability allows attackers to gain elevated privileges on the affected system, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability of the system (NVD).

IBM has released security fixes for affected versions and strongly encourages customers to update their systems promptly. Patches are available through IBM Support Fix Central for IBM Security Guardium version 11.3 and other affected versions (IBM Advisory).