Incomplete Blacklisting in IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Allows Bypass of Application Controls

Incomplete Blacklisting in IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Allows Bypass of Application Controls

CVE-2019-4329 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.

Learn more about our Web Application Penetration Testing UK.