CVE-2024-49336: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium versions 11.5 and 12.0 are vulnerable to server-side request forgery (SSRF). This vulnerability (CVE-2024-49336) was disclosed on December 19, 2024, and allows an authenticated attacker to send unauthorized requests from the system (IBM Advisory).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue (CWE-918). It has received a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and no user interaction required (NVD).

If exploited, this vulnerability could allow an authenticated attacker to perform network enumeration and potentially facilitate other attacks through unauthorized requests sent from the system (IBM Advisory).

IBM has released security fixes for affected versions. For version 11.5, the fix is available in SqlGuard11.0p555BundleDec-04-2024, and for version 12.0, in SqlGuard12.0p35BundleJan-28-2025. IBM encourages customers to update their systems promptly. No workarounds have been identified (IBM Advisory).

The vulnerability was reported to IBM by Mohamed Saleh from the VAPT team of Asiacell Communications PJSC (IBM Advisory).