An information exposure vulnerability was addressed in IBM Guardium Data Encryption (GDE). Please apply the latest version to obtain the fix.
**CVEID:** CVE-2021-39026
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213864 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Product Name | Component Name | Affected Version |
---|---|---|
Guardium Data Encryption (GDE) | Guardium Data Encryption - CipherTrust Manager (CM) | 5.0.0.2, 5.0.0.3 |
Please apply the fix from the link below.
Note: To get the fix, customers need to log in to the Thales portal.
Component Name | Fixed in Version | Patch/Installable/Upgrade link |
---|---|---|
Guardium Data Encryption - CipherTrust Manager (CM) | GDE 5.0.0.4 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=80a1be1edb258510f0e322080596196f&sysparm_article=KB0025532 |
CPE:
Name | Operator | Version |
---|---|---|
ibm security guardium data encryption | eq | 5.0.0. |