Security Bulletin: Vulnerability in IBM Guardium Data Encryption (GDE) (CVE-2021-20414)

Summary

Vulnerabilities identified in IBM Guardium Data Encryption (GDE). These vulnerability have been fixed in GDE - Guardium Tokenization Server 2.6.0.205. Please apply the latest version to obtain the fixes.

Vulnerability Details

CVEID:CVE-2021-20414
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) could allow a user to bruce force sensitive information due to not properly limiting the number of interactions.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196216 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product

|

Version

—|—

GDE

|

3.0.0.2

Remediation/Fixes

Listed vulnerabilities (in this security bulletin) are address in below version of IBM Guardium Data Encryption (GDE). Please apply the latest version to obtain the fix.

Product

|

Fixed Version

|

Link for Fixes

—|—|—

GDE

|

5.0.0.x

|

Thales Portal -> My Products -> Guardium Data Encryption Components

https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=9e0cd4bcdb84201080b234523996190f&sysparm_article=KB0023088

Workarounds and Mitigations

Please apply the latest version to obtain the fixes.