Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle January 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impac...

CVE-2021-20474

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources...

CVE-2021-20416

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

CVE-2021-20415

IBM Guardium Data Encryption (GDE) 4.0.0.4 is affected by an inadequate account lockout setting that could let a remote attacker brute-force credentials. The issue is documented under CVE-2021-20415 and is addressed by IBM in a security bulletin that notes fixes in GDE 4.0.0.5 (and newer 5.x seri...