IBM8538AD92CCB71115C2199491C9C2D4ED2D22B07D7DF3C21D9881E39070897214Security Bulletin: IBM Guardium Data Encryption (GDE) has an information exposure vulnerability (CVE-2021-39026 )
0.001 Low
EPSS
Percentile
40.3%
Summary
An information Exposure was addressed in IBM Guardium Data Encryption (GDE). Please apply the latest version for the fixes.
Vulnerability Details
CVEID:CVE-2021-39026
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213864 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Product Name | Component Name | Affected Version |
|---|---|---|
| Guardium Data Encryption (GDE) | Guardium Data Encryption - CipherTrust Manager (CM) | 5.0.0.2, 5.0.0.3 |
Remediation/Fixes
Please apply the fix from below links.
Note: In order to get the fix, customer needs to login to Thales portal.
| Component Name | Fixed in Version | Patch/Installable/Upgrade link |
|---|---|---|
| Guardium Data Encryption - CipherTrust Manager (CM) | GDE 5.0.0.4 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=80a1be1edb258510f0e322080596196f&sysparm_article=KB0025532 |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security guardium data encryption | eq | 5.0.0. |
Related
0.001 Low
EPSS
Percentile
40.3%