CVE-2019-4309

Vulnerability

IBM Security Guardium Big Data Intelligence (SonarG) version 4.0 uses hard-coded credentials, enabling a local user to access highly sensitive information. This vulnerability is identified as CVE-2019-4309 and has a CVSS v3 base score of 5.9 (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). The issue exists in the software configuration and does not require any special privileges to trigger, but it demands local access to the system [1].

Exploitation

An attacker with local access to the system can exploit the hard-coded credentials to retrieve highly sensitive data. No authentication or user interaction is required beyond gaining local access. The attack complexity is high, as it may require specific knowledge of the credential storage location, but the attacker does not need an account on the target system [1].

Impact

Successful exploitation leads to the disclosure of highly sensitive information. The confidentiality impact is high, while integrity and availability are not affected. The compromised scope changes, meaning the attacker can access resources beyond the vulnerable component [1].

Mitigation

IBM has not released a patch or workaround for this vulnerability as of the publication date. The advisory states no workarounds or mitigations are available [1]. Users should monitor IBM's support page for future updates.