Lucene search

IBMD0B87592D381186C8D8F12FBC2DED8A47607F9DA267CB56D4DE6C34D758C3574

HistoryNov 08, 2022 - 4:44 p.m.

Security Bulletin: IBM Security Guardium is affected by a Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2021-39072)

2022-11-0816:44:49

www.ibm.com

ibm security guardium

missing http strict-transport-security header

cve-2021-39072

vulnerability

update

sensitive information

man in the middle

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.9%

JSON

Summary

IBM Security Guardium has fixed this vulnerability.

Vulnerability Details

CVEID:CVE-2021-39072
**DESCRIPTION:**IBM Security Guardium could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215581 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Guardium	11.1
IBM Security Guardium	11.2
IBM Security Guardium	11.3
IBM Security Guardium	11.4

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product	Versions	Fix
IBM Security Guardium	11.1	http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard-11.0p165_Bundle_Sep_01_2022&includeSupersedes=0&source=fc
IBM Security Guardium	11.2	http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p277_Bundle_Oct-26-2022&includeSupersedes=0&source=fc
IBM Security Guardium	11.3	http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p360_Bundle_Mar-24-2022&includeSupersedes=0&source=fc
IBM Security Guardium	11.4	http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p430_Bundle_Apr-28-2022&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsecurity_guardiumMatch11.1

ibmsecurity_guardiumMatch11.2

ibmsecurity_guardiumMatch11.3

ibmsecurity_guardiumMatch11.4

CPENameOperatorVersion
ibm security guardiumeq11.1
ibm security guardiumeq11.2
ibm security guardiumeq11.3
ibm security guardiumeq11.4

Name	Operator	Version
ibm security guardium	eq	11.1
ibm security guardium	eq	11.2
ibm security guardium	eq	11.3
ibm security guardium	eq	11.4

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for D0B87592D381186C8D8F12FBC2DED8A47607F9DA267CB56D4DE6C34D758C3574