Security Bulletin: Vulnerabilities in IBM Guardium Data Encryption (GDE) (CVE-2020-7676)

Date: 2021-07-27 06:09:04
Source: www.ibm.com

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS2: 3.5 Low

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.002 Low (Percentile: 58.6%)

Summary

Vulnerabilities have been identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed; please apply the latest version to obtain the fix.

Vulnerability Details

CVEID: CVE-2020-7676
**DESCRIPTION:** angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/183379 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version |
|---|---|
| GDE | 4.0.0 |

Remediation/Fixes

The vulnerabilities listed in this security bulletin are addressed in the version of IBM Guardium Data Encryption (GDE) shown below. Please apply the latest version to obtain the fix.

| Product | Fixed Version | Link for Fixes |
|---|---|---|
| GDE | 5.0.0.x | Thales Portal -> My Products -> Guardium Data Encryption Components -> GCKM 1.10: https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=c439a9281b042490f2888739cd4bcbb0&sysparm_article=KB0023084 |

Workarounds and Mitigations

Please apply the latest version to obtain the fixes.
