CVE-2023-30437: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. The vulnerability was discovered and reported to IBM by Dawid Bakaj & Michał Brzezicki, and was assigned CVE-2023-30437 with IBM X-Force ID: 252293. The issue was publicly disclosed on August 23, 2023 (IBM Advisory).

The vulnerability has been assigned a CVSS Base Score of 5.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited remotely (Network), requires Low attack complexity, needs No privileges, requires No user interaction, has Unchanged scope, and can impact Confidentiality (Low) while having No impact on Integrity and Availability (NVD).

The vulnerability allows unauthorized users to enumerate usernames on the system through specially crafted HTTP requests. This could potentially provide attackers with valuable information about valid usernames that could be used in further attacks against the system (IBM Advisory).

IBM has released security fixes for all affected versions. Customers are encouraged to update their systems promptly with the following patches: For version 11.3: SqlGuard11.0p387Security-Fix, for version 11.4: SqlGuard11.0p475BundleJul-20-2023, and for version 11.5: SqlGuard11.0p530BundleAug-29-2023. No workarounds or alternative mitigations are available (IBM Advisory).