CVE-2019-4307

Vulnerability

IBM Security Guardium Big Data Intelligence (SonarG) version 4.0 stores user credentials in plain clear text [1]. This flaw exists in the product's internal credential handling and configuration storage, accessible only to local users with low-level access to the system [1].

Exploitation

An attacker must have local access to the affected system [1]. No special privileges or user interaction is required beyond being able to read files or memory where the credentials are stored in plaintext [1]. The attacker can simply read the clear-text credentials from the storage location.

Impact

Successful exploitation allows the attacker to read stored user credentials [1]. This represents a high confidentiality impact as the attacker gains access to authentication secrets, potentially enabling further lateral movement or privilege escalation within the environment [1].

Mitigation

IBM has not released a fix or workaround for this vulnerability as of the publication date [1]. Users should monitor IBM's security advisories for updates. There is no indication that this CVE is listed in the CISA Known Exploited Vulnerabilities catalog. The product may be end-of-life or end-of-support; contact IBM for current support status.