A security vulnerability has been identified in IBM Guardium Data Encryption (GDE) (CVE-2021-39021). Please apply the lested version of GDE , to get the fix.
CVEID:CVE-2021-39021
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213856 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product | Affected Component Name | Affected Version |
---|---|---|
GDE 5.0.0.2 | Guardium Data Encryption Server 5.0.0.2 (CipherTrust Manager 2.4.2) | CM 2.4.2 |
For fix, apply patch or update to the latest GDE version.
Note: User need to log into the Thales’s support portal for accessing the below link
Product Name | Component Name | Fix |
---|---|---|
GDE 5.0.0.2 | Guardium Data Encryption Server 5.0.0.3 (CipherTrust Manager 2.6) | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=c6961a9bdb7bb810f0e32208059619d0&sysparm_article=KB0025160 |
For mitigation, apply patch or update to the latest GDE version.
Note: User need to log into the Thales’s support portal for accessing the below link
Product Name | Component Name | Fix |
---|---|---|
GDE 5.0.0.2 | Guardium Data Encryption Server 5.0.0.3 (CipherTrust Manager 2.6) | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=c6961a9bdb7bb810f0e32208059619d0&sysparm_article=KB0025160 |
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium data encryption | eq | 4.0.0. | |
ibm security guardium data encryption | eq | 5.0.0. |