Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME1BE5B9678F46FC60C5E7E5EE1A0CDA4FAF904F2A8C1E0782275C8DFC68DDD56
HistoryFeb 01, 2022 - 11:58 a.m.

Security Bulletin: A security vulnerability has been identified in IBM Guardium Data Encryption (GDE) (CVE-2021-39021)

2022-02-0111:58:54
www.ibm.com
9

0.001 Low

EPSS

Percentile

25.0%

JSON

Summary

A security vulnerability has been identified in IBM Guardium Data Encryption (GDE) (CVE-2021-39021). Please apply the lested version of GDE , to get the fix.

Vulnerability Details

CVEID:CVE-2021-39021
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213856 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product Affected Component Name Affected Version
GDE 5.0.0.2 Guardium Data Encryption Server 5.0.0.2 (CipherTrust Manager 2.4.2) CM 2.4.2

Remediation/Fixes

For fix, apply patch or update to the latest GDE version.
Note: User need to log into the Thales’s support portal for accessing the below link

Product Name Component Name Fix
GDE 5.0.0.2 Guardium Data Encryption Server 5.0.0.3 (CipherTrust Manager 2.6) https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=c6961a9bdb7bb810f0e32208059619d0&sysparm_article=KB0025160

Workarounds and Mitigations

For mitigation, apply patch or update to the latest GDE version.
Note: User need to log into the Thales’s support portal for accessing the below link

Product Name Component Name Fix
GDE 5.0.0.2 Guardium Data Encryption Server 5.0.0.3 (CipherTrust Manager 2.6) https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=c6961a9bdb7bb810f0e32208059619d0&sysparm_article=KB0025160

Related

cve 1
prion 1
nvd 1
cnvd 1
cvelist 1
cve
cve
CVE-2021-39021
2022-02-02 20:15:07
prion
prion
Design/Logic Flaw
2022-02-02 20:15:00
nvd
nvd
CVE-2021-39021
2022-02-02 20:15:07
cnvd
cnvd
IBM Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-08967)
2022-02-08 00:00:00
cvelist
cvelist
CVE-2021-39021
2022-02-01 00:00:00

0.001 Low

EPSS

Percentile

25.0%

JSON
Related for E1BE5B9678F46FC60C5E7E5EE1A0CDA4FAF904F2A8C1E0782275C8DFC68DDD56
cve1prion1nvd1cnvd1cvelist1