Aug 24, 2020 - 10:04 a.m.

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

2020-08-24 10:04:10
www.ibm.com

EPSS: 0.001 (Low), percentile 50.6%

Summary

Multiple vulnerabilities have been identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.0. Apply the latest version to obtain the fixes.

Vulnerability Details

CVEID: CVE-2019-4713
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172084 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4698
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171929 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)

CVEID: CVE-2019-4693
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) stores user credentials in clear text, which can be read by a local privileged user.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171831 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2019-4701
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) is deployed with active debugging code that can create unintended entry points.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171936 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4692
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171829 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4695
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) allows web pages to be stored locally, where they can be read by another user on the system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171926 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| GDE | 3.0.0.2 |

Remediation/Fixes

| Product(s) | Fixed Version |
| --- | --- |
| GDE | 4.0.0.0 |

Workarounds and Mitigations

| Affected Component | Fixed Version |
| --- | --- |
| IBM Guardium for Cloud Key Management (GCKM) | GCKM 1.6.2 |
