Lucene search

K
ibmIBM788ADCAEC5A9C42EDFE7FE11C1B7401A340A0178FF2947C43B7289C2D0D028D0
HistoryMay 05, 2022 - 2:51 p.m.

Security Bulletin: Vulnerability CVE-2021-39023 in IBM Guardium Data Encryption (GDE)

2022-05-0514:51:17
www.ibm.com
27
ibm guardium data encryption
gde
vulnerability
cve-2021-39023
remote attacker
sensitive information
fixes
guardium cloud key manager
gckm
ciphertrust tokenization server
ct-vl
ciphertrust manager
cm
thales portal

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.7%

Summary

Vulnerability identified in IBM Guardium Data Encryption (GDE). Please apply the latest version for the fixes.

Vulnerability Details

CVEID:CVE-2021-39023
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213860 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Product Name Component Name Affected Version
IBM Guardium Data Encryption (GDE) Guardium Cloud Key Manager (GCKM) 1.10.1
IBM Guardium Data Encryption (GDE) CipherTrust Tokenization Server (CT-VL) 2.6.4.21
IBM Guardium Data Encryption (GDE) CipherTrust Manager ( CM) 2.6

Remediation/Fixes

Please apply the fix from below links, to obtain the fixes.
Note: In order to get the fix, customer needs to login to Thales portal.

Component Name Fixed in Version Patch/Upgrade link
Guardium Cloud Key Manager (GCKM) 1.10.2 https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=3f16cf99dbc20110f0e3220805961916&sysparm_article=KB0025602
CipherTrust Tokenization Server (CT-VL) 2.6.5.98 https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=b417ffe4c3938d905626176ce0013181&sysparm_article=KB0025821
Manager (CM) 2.7 https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=fe89d70adb7d8110a60cbb13f39619d5&sysparm_article=KB0025567

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmguardium_data_encryptionMatch4.0.0.
OR
ibmguardium_data_encryptionMatch5.0.0.
VendorProductVersionCPE
ibmguardium_data_encryption4.0.0.cpe:2.3:a:ibm:guardium_data_encryption:4.0.0.:*:*:*:*:*:*:*
ibmguardium_data_encryption5.0.0.cpe:2.3:a:ibm:guardium_data_encryption:5.0.0.:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.7%

Related for 788ADCAEC5A9C42EDFE7FE11C1B7401A340A0178FF2947C43B7289C2D0D028D0