CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Percentile: 46.7%

A vulnerability has been identified in IBM Guardium Data Encryption (GDE). Please upgrade to the latest version to obtain the fix.
CVEID: CVE-2021-39023
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 2.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/213860 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
Product Name | Component Name | Affected Version |
---|---|---|
IBM Guardium Data Encryption (GDE) | Guardium Cloud Key Manager (GCKM) | 1.10.1 |
IBM Guardium Data Encryption (GDE) | CipherTrust Tokenization Server (CT-VL) | 2.6.4.21 |
IBM Guardium Data Encryption (GDE) | CipherTrust Manager (CM) | 2.6 |
Please apply the fixes from the links below.
Note: To obtain the fix, customers need to log in to the Thales portal.
Component Name | Fixed in Version | Patch/Upgrade link |
---|---|---|
Guardium Cloud Key Manager (GCKM) | 1.10.2 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=3f16cf99dbc20110f0e3220805961916&sysparm_article=KB0025602 |
CipherTrust Tokenization Server (CT-VL) | 2.6.5.98 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=b417ffe4c3938d905626176ce0013181&sysparm_article=KB0025821 |
Manager (CM) | 2.7 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=fe89d70adb7d8110a60cbb13f39619d5&sysparm_article=KB0025567 |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | guardium_data_encryption | 4.0.0. | cpe:2.3:a:ibm:guardium_data_encryption:4.0.0.:*:*:*:*:*:*:* |
ibm | guardium_data_encryption | 5.0.0. | cpe:2.3:a:ibm:guardium_data_encryption:5.0.0.:*:*:*:*:*:*:* |