CVE-2016-6065 IBM CVE debrief

Who should care

Organizations running IBM Security Guardium Database Activity Monitor, especially instances on the affected versions listed by NVD (8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1, and 10.1.2). Security teams responsible for appliance hardening, patching, and local-access control should prioritize review.

Technical summary

The NVD record describes a local command-injection weakness (CWE-78) in IBM Security Guardium Database Activity Monitor. A local user with the required privileges could inject commands that are then executed as root. NVD’s CVSS vector is CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, reflecting high impact if the flaw is successfully exercised. The record’s vulnerable CPEs include Guardium versions 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1, and 10.1.2.

Defensive priority

High

Recommended defensive actions

• Confirm whether any IBM Security Guardium Database Activity Monitor appliances match the affected versions listed in the NVD record.
• Follow IBM’s advisory and patch guidance for remediation.
• Restrict and review local access on the appliance, since exploitation requires local privileges.
• Review logs and administrative activity for unusual command execution or privilege-related anomalies.
• Track exposure across all Guardium deployments and verify remediation after patching.

Evidence notes

The debrief is based on the supplied NVD record and its metadata. NVD published the CVE on 2017-02-01 and last modified the record on 2026-05-13. The record includes IBM vendor advisory references and a third-party advisory reference, and it identifies CWE-78 with CVSS 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Official resources