CVE-2019-4339

Vulnerability

IBM Security Guardium Big Data Intelligence (SonarG) version 4.0 uses weaker than expected cryptographic algorithms, as described in [1]. This weakness affects the confidentiality of sensitive information processed by the software. The vulnerability is remotely exploitable with high attack complexity, and no privileges or user interaction are required.

Exploitation

An attacker with network access can exploit the weak cryptographic algorithms by intercepting encrypted communications or data at rest. The high complexity indicates that successful exploitation may require additional effort, such as gathering sufficient ciphertext or performing cryptanalysis, but no prior authentication is needed.

Impact

Successful exploitation leads to the decryption of highly sensitive information, resulting in a high impact on confidentiality. Integrity and availability are not affected. The attacker does not gain any privileges within the system beyond the information disclosure.

Mitigation

IBM has addressed this vulnerability in a security bulletin [1]. Users should apply the recommended fix from IBM. No workarounds or mitigations are available. The exact fixed version is not specified in the provided reference, but users should refer to the bulletin for update instructions.