
Security Bulletin: IBM Guardium Data Encryption (GDE) has multiple security vulnerabilities (CVE-2023-26272, CVE-2023-26271, CVE-2023-26270)

Published: 2023-05-17 10:20:43 (source: www.ibm.com)

Aggregator score: 9.8 High, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.002 (Low), percentile 58.5%

Note: the 9.8 score above is the rating attached to the bulletin as a whole by the page that republished it. It does not match any of the three vendor-assigned vectors listed under Vulnerability Details, the highest of which is 6.5 (CVE-2023-26270). Prioritise on the per-CVE scores and vectors below.

Summary

Multiple security vulnerabilities in Guardium Data Encryption (GDE) (CVE-2023-26272, CVE-2023-26271, CVE-2023-26270). Apply the fixed version listed under Remediation/Fixes.

Vulnerability Details

CVEID: CVE-2023-26272
**DESCRIPTION:** IBM Security Guardium Data Encryption could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/248133 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
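The class of weakness behind CVE-2023-26272 is an error handler that returns the raw exception (hostnames, file paths, query text) to the browser. The following is an added example, not IBM's or Thales' code and not taken from GDE/GCKM: it shows the leaky handler beside the hardened form, which logs the detail server-side under a correlation id and returns only a generic message plus that id. The handler class names, the `leaks_detail` check and the failure message are constructed for illustration.

```python
import logging
import traceback
import uuid
from typing import Dict, Tuple

# Added example: the logger name and both handler classes are hypothetical.
log = logging.getLogger("gde-example")


class VerboseErrorHandler:
    """Leaky behaviour: exception text and stack trace go straight to the client.
    Kept only for comparison with the hardened handler below."""

    def render(self, exc: Exception) -> Tuple[int, Dict[str, str]]:
        return 500, {
            "error": f"{type(exc).__name__}: {exc}",
            "trace": traceback.format_exc(),
        }


class SafeErrorHandler:
    """Hardened form: full detail is logged server-side under a correlation id;
    the client sees a fixed message and the id, which support can look up."""

    def render(self, exc: Exception) -> Tuple[int, Dict[str, str]]:
        correlation_id = uuid.uuid4().hex
        log.error("request failed [%s]: %s", correlation_id, exc, exc_info=exc)
        return 500, {"error": "Internal error", "id": correlation_id}


def leaks_detail(body: Dict[str, str], *fragments: str) -> bool:
    """True if any sensitive fragment appears anywhere in the response body."""
    blob = " ".join(str(v) for v in body.values())
    return any(f in blob for f in fragments)


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Raise a constructed backend failure that embeds an internal host and a
    config path, then render it with both handlers. Returns (verbose, safe)."""
    try:
        raise RuntimeError(
            "could not connect to db01.internal:5432 (config /opt/gckm/etc/db.yml)"
        )
    except RuntimeError as exc:
        _, verbose_body = VerboseErrorHandler().render(exc)
        _, safe_body = SafeErrorHandler().render(exc)
    return verbose_body, safe_body


if __name__ == "__main__":
    verbose, safe = demo()
    print("verbose response:", verbose["error"])
    print("safe response:   ", safe)
```

A quick way to audit an existing application for this weakness is to run `leaks_detail` over captured 5xx responses with a list of internal hostnames and paths you know the deployment uses; any hit means the error path still echoes internals.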

CVEID: CVE-2023-26271
**DESCRIPTION:** IBM Security Guardium Data Encryption uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/248126 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
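To make the lockout point concrete, here is an added example (not GDE/GCKM code, and the bulletin does not say what GCKM's actual lockout parameters were) of a minimal login service with a configurable per-account lockout, driven by a constructed brute-force loop. The "weak" policy never locks and the constructed 20-word list recovers the password; the hardened policy locks the account after five failures inside a five-minute window and the same loop stops with nothing. The user names, passwords and policy values are all constructed for the demo.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class LockoutPolicy:
    max_failures: Optional[int]   # None = never lock (the inadequate setting)
    lockout_seconds: float        # how long the account stays locked
    window_seconds: float         # failures older than this are forgotten


class FakeClock:
    """Deterministic clock so the demo runs offline and in tests."""
    def __init__(self) -> None:
        self.t = 0.0
    def __call__(self) -> float:
        return self.t
    def advance(self, seconds: float) -> None:
        self.t += seconds


def make_users(plain: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Constructed user store: salted PBKDF2 hashes, never plaintext."""
    store = {}
    for user, pw in plain.items():
        salt = os.urandom(16)
        store[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 20_000))
    return store


def _check(record: Optional[Tuple[bytes, bytes]], password: str) -> bool:
    if record is None:
        # Unknown user: do the same work so timing does not reveal valid names.
        record = (b"\0" * 16, b"\0" * 32)
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)
    return hmac.compare_digest(candidate, digest)


class LoginService:
    """Hypothetical login endpoint with per-account lockout (added example)."""

    def __init__(self, users, policy: LockoutPolicy, clock: Callable[[], float] = time.monotonic):
        self._users = users
        self._policy = policy
        self._clock = clock
        self._failures: Dict[str, List[float]] = defaultdict(list)
        self._locked_until: Dict[str, float] = {}

    def is_locked(self, user: str) -> bool:
        return self._clock() < self._locked_until.get(user, 0.0)

    def login(self, user: str, password: str) -> str:
        """Returns 'ok', 'bad' or 'locked'. A locked account rejects even the
        correct password, so continuing to guess gains the attacker nothing."""
        now = self._clock()
        if self.is_locked(user):
            return "locked"
        if _check(self._users.get(user), password):
            self._failures.pop(user, None)
            return "ok"
        p = self._policy
        recent = [t for t in self._failures[user] if now - t <= p.window_seconds]
        recent.append(now)
        self._failures[user] = recent
        if p.max_failures is not None and len(recent) >= p.max_failures:
            self._locked_until[user] = now + p.lockout_seconds
            self._failures.pop(user, None)
        return "bad"


def brute_force(service: LoginService, user: str, wordlist: List[str]) -> Tuple[str, int]:
    """Attacker loop: stop on success or lockout. Returns (outcome, attempts)."""
    for i, guess in enumerate(wordlist, 1):
        result = service.login(user, guess)
        if result in ("ok", "locked"):
            return result, i
    return "exhausted", len(wordlist)


def demo() -> Tuple[Tuple[str, int], Tuple[str, int]]:
    """Same constructed wordlist (real password is entry 12) against both policies."""
    wordlist = [f"Password{i}!" for i in range(1, 21)]
    users = make_users({"gckm-admin": "Password12!"})
    clock = FakeClock()
    weak = LoginService(users, LockoutPolicy(None, 0, 0), clock)
    hardened = LoginService(users, LockoutPolicy(5, 900, 300), clock)
    return brute_force(weak, "gckm-admin", wordlist), brute_force(hardened, "gckm-admin", wordlist)


if __name__ == "__main__":
    print("weak policy:    ", demo()[0])
    print("hardened policy:", demo()[1])
```

Two design points worth carrying into a real deployment: the lockout is keyed on the account, not the source address, so distributing guesses across IPs does not help, and the lockout window expires, so a locked administrator recovers without manual intervention while an attacker's throughput drops to a handful of guesses per window.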

CVEID: CVE-2023-26270
**DESCRIPTION:** IBM Security Guardium Data Encryption could allow a remote attacker to execute arbitrary code on the system, caused by an Angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/248119 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Note: the vector records no confidentiality impact and only low integrity and availability impact. That is consistent with a client-side (Angular) template injection, where the injected expression runs in a victim's browser, rather than with code execution on the server; read "execute arbitrary code on the system" with that scope in mind when prioritising.

Affected Products and Versions

Product Name | Component Name | Affected Version
---|---|---
IBM Guardium Data Encryption (GDE) | Guardium Cloud Key Manager (GCKM) | 1.10.3 and lower

Remediation/Fixes

Apply the fix from the link below.
Note: to obtain the fix, customers need to log in to the Thales support portal.

Component Name | Fixed in version | Patch/Upgrade link
---|---|---
Guardium Cloud Key Manager (GCKM) | 1.10.4 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=2aa2be7dc316a1d0e280b1f4e40131be&sysparm_article=KB0027136
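"1.10.3 and lower" is easy to get wrong in an inventory script because a plain string comparison orders "1.9.12" after "1.10.3". The following added example (not IBM's or Thales' tooling; the inventory format and host names are constructed) parses dotted versions numerically, decides whether a GCKM build is in the affected range, and triages a small constructed host list. It assumes the bulletin's bounds only: affected if at or below 1.10.3, fixed in 1.10.4; pre-release suffixes are rejected rather than guessed at.

```python
import re
from typing import List, Tuple

# Bounds taken from the bulletin. Added example; not vendor tooling.
AFFECTED_MAX = "1.10.3"   # "1.10.3 and lower"
FIXED_IN = "1.10.4"

# Constructed inventory, "host,version" per line.
SAMPLE_INVENTORY = """\
gckm-prod-01,1.10.3
gckm-prod-02,1.10.4
gckm-dr-01,1.9.12
gckm-lab-01,v1.10.4+build.7
gckm-old-01,1.8
gckm-test-01,1.10.4-rc1
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """'v1.10.3+build.7' -> (1, 10, 3). A leading 'v' and a '+build' suffix are
    ignored; anything else that is not dotted integers (e.g. '-rc1') raises."""
    core = v.strip().lstrip("vV").split("+", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(part) for part in core.split("."))


def cmp_versions(a: str, b: str) -> int:
    """-1, 0 or 1, comparing numerically with missing components treated as 0."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_affected(installed: str) -> bool:
    return cmp_versions(installed, AFFECTED_MAX) <= 0


def triage(inventory_csv: str) -> List[Tuple[str, str, str]]:
    """Returns (host, version, action) rows; unparseable versions are flagged
    for manual review instead of being silently treated as safe."""
    rows = []
    for line in inventory_csv.strip().splitlines():
        host, version = (x.strip() for x in line.split(",", 1))
        try:
            action = f"upgrade to {FIXED_IN}" if is_affected(version) else "ok"
        except ValueError:
            action = "unparseable: check manually"
        rows.append((host, version, action))
    return rows


if __name__ == "__main__":
    for host, version, action in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {version:16} {action}")
```

The `1.10.4-rc1` row is deliberately left unresolved: whether a pre-release of the fixed version contains the fix is not something the bulletin states, so the script refuses to guess.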

Workarounds and Mitigations

None

Affected configurations

CPE Name | Operator | Version
---|---|---
ibm guardium data encryption | eq | 4.0.0
