Lucene search

IbmCVE-2021-20417

HistoryJul 07, 2021 - 5:15 p.m.

CVE-2021-20417

2021-07-0717:15:07

CWE-209

ibm

web.nvd.nist.gov

ibm

guardium

data encryption

gde

remote attack

sensitive information

technical error

browser

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON

IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219

Affected configurations

Nvd

Vulners

Node

ibmguardium_data_encryptionMatch4.0.0.4

VendorProductVersionCPE
ibmguardium_data_encryption4.0.0.4cpe:2.3:a:ibm:guardium_data_encryption:4.0.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	guardium_data_encryption	4.0.0.4	cpe:2.3:a:ibm:guardium_data_encryption:4.0.0.4:::::::*

CNA Affected

[
  {
    "product": "Guardium Data Encryption",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0.4"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/196219

www.ibm.com/support/pages/node/6469691

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON

Related for CVE-2021-20417