CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.002 Low
Percentile: 58.5%
Multiple security vulnerabilities have been identified in Guardium Data Encryption (GDE) (CVE-2023-26272, CVE-2023-26271, CVE-2023-26270). Please apply the latest version to obtain the fixes.
CVEID: CVE-2023-26272
**DESCRIPTION:** IBM Security Guardium Data Encryption could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248133 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2023-26271
**DESCRIPTION:** IBM Security Guardium Data Encryption uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248126 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2023-26270
**DESCRIPTION:** IBM Security Guardium Data Encryption could allow a remote attacker to execute arbitrary code on the system, caused by an Angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248119 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Product Name | Component Name | Affected Version |
---|---|---|
IBM Guardium Data Encryption (GDE) | Guardium Cloud Key Manager (GCKM) | 1.10.3 and lower |
Please apply the fix from the link below.
Note: To obtain the fix, customers need to log in to the Thales portal.
Component Name | Fixed in version | Patch/Upgrade link |
---|---|---|
Guardium Cloud Key Manager (GCKM) | 1.10.4 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=2aa2be7dc316a1d0e280b1f4e40131be&sysparm_article=KB0027136 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm guardium data encryption | eq | 4.0.0. |