Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB032181B9830877999C8B9122EBF4C2EA60F718942440199C606D7F2AE4B0E48
HistoryDec 23, 2021 - 7:01 a.m.

Security Bulletin: There are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE) (CVE-2021-20378, CVE-2021-20416, CVE-2021-20474, CVE-2021-20379)

2021-12-2307:01:39
www.ibm.com
7
ibm guardium data encryption
gde
vulnerabilities
fixed version 4.0.0.5
version 5.0.0.x
thales portal

EPSS

0.001

Percentile

40.7%

JSON

Summary

There are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.5. Please apply the latest version to obtain the fixes.

Vulnerability Details

CVEID:CVE-2021-20474
**DESCRIPTION:**IBM Security Guardium does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196945 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2021-20378
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195709 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2021-20416
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196218 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-20379
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195711 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product

|

Version

—|—

GDE

|

3.0.0.2

GDE

|

4.0.0.4

Remediation/Fixes

Listed vulnerabilities (in this security bulletin) are address in below version of IBM Guardium Data Encryption (GDE). Please apply the latest version to obtain the fix.

Product

|

Fixed Version

|

Link for Fixes

—|—|—

GDE

|

5.0.0.x

|

Thales Portal -> My Products -> Guardium Data Encryption Components

https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=9e0cd4bcdb84201080b234523996190f&sysparm_article=KB0023088

Workarounds and Mitigations

Please apply the latest version to obtain the fixes.

Related

cvelist 4
prion 4
cve 4
nvd 4
cnvd 2
cvelist
cvelist
CVE-2021-20379
2021-07-07 16:30:28
CVE-2021-20416
2021-07-07 16:30:31
CVE-2021-20378
2021-07-07 16:30:26
prion
prion
Design/Logic Flaw
2021-07-07 17:15:00
Authentication flaw
2021-07-07 17:15:00
Code injection
2021-07-07 17:15:00
cve
cve
CVE-2021-20416
2021-07-07 17:15:07
CVE-2021-20378
2021-07-07 17:15:07
CVE-2021-20474
2021-07-07 17:15:07
nvd
nvd
CVE-2021-20416
2021-07-07 17:15:07
CVE-2021-20378
2021-07-07 17:15:07
CVE-2021-20474
2021-07-07 17:15:07
cnvd
cnvd
IBM Security Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-05125)
2021-07-08 00:00:00
IBM Security Guardium Data Encryption code issue vulnerability
2021-07-08 00:00:00

EPSS

0.001

Percentile

40.7%

JSON
Related for B032181B9830877999C8B9122EBF4C2EA60F718942440199C606D7F2AE4B0E48
cvelist4prion4cve4nvd4cnvd2