History: Mar 11, 2022 - 9:33 a.m.

Security Bulletin: IBM Guardium Data Encryption (GDE) has a vulnerability (CVE-2021-39022), related to hazardous input.

2022-03-11 09:33:22
www.ibm.com

EPSS: 0.001 Low (Percentile: 48.0%)

Summary

A vulnerability related to hazardous input has been identified in IBM Guardium Data Encryption (GDE). Please apply the latest version to obtain the fix.

Vulnerability Details

**CVEID:** CVE-2021-39022
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213858 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N)

Affected Products and Versions

| Product Name | Component Name | Affected Version |
| --- | --- | --- |
| IBM Guardium Data Encryption (GDE) | Guardium Cloud Key Manager (GCKM) | 1.10.1 and lower |
| IBM Guardium Data Encryption (GDE) | CipherTrust Tokenization Server (CT-VL) | 2.6.3 and lower |
| IBM Guardium Data Encryption (GDE) | Guardium Data Encryption Server (DSM) | 4.0.0.8 and lower |

Remediation/Fixes

Please apply the fix from the links below.
Note: To obtain the fix, customers need to log in to the Thales portal.

| Component Name | Fixed in version | Patch/Upgrade link |
| --- | --- | --- |
| Guardium Cloud Key Manager (GCKM) | 1.10.2 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=3f16cf99dbc20110f0e3220805961916&sysparm_article=KB0025602 |
| CipherTrust Tokenization Server (CT-VL) | 2.6.4 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=914ee8991b990110f9dca6886e4bcb80&sysparm_article=KB0025456 |
| Guardium Data Encryption Server (GDE) | 4.0.0.8 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=4f1986971b0e4510b840c84b1d4bcbc4&sysparm_article=KB0025645 |

Workarounds and Mitigations

None
