IBM Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-13926)

IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. An information disclosure vulnerability exists in IBM Guardium Data Encryption that stems from a failure to properly enable HTTP Strict Transport Security, which can be...

CVE-2021-39026

IBM Guardium Data Encryption GDE 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

Information disclosure

IBM Guardium Data Encryption GDE 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

CVE-2021-39026

CVE-2021-39026 affects IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3, due to a failure to properly enable HTTP Strict Transport Security. This information disclosure vulnerability could let a remote attacker obtain sensitive data via man-in-the-middle techniques. IBM’s bulletin confirms ...

CVE-2021-39026

IBM Guardium Data Encryption GDE 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

CVE-2021-46247

The CVE-2021-46247 entry concerns the ASUS CMAX6000 v1.02.00 4x4 dual‑band WiFi cable modem router. The root cause cited across connected documents is a hard‑coded cryptographic key, enabling an attacker to recover encrypted data. The vulnerability affects the device’s ability to keep data confid...

CVE-2021-46247

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00...

Security Bulletin: IBM Guardium Data Encryption (GDE) has an information exposure vulnerability (CVE-2021-39026 )

Summary An information Exposure was addressed in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39026 DESCRIPTION: IBM Guardium Data Encryption GDE could allow a remote attacker to obtain sensitive information, caused by the...

GHSA-7F33-F4F5-XWGW In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

IBM Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-08967)

IBM Guardium Data Encryption GDE is an application from IBM USA, Inc. IBM Guardium Data Encryption GDE 5.0.0.2 contains a security vulnerability that can be exploited by attackers to cause username enumeration...

CVE-2021-39021

IBM Guardium Data Encryption (GDE) 5.0.0.2 (Guardium Data Encryption Server 5.0.0.2 / CipherTrust Manager 2.4.2) exhibits behavior where responses differ under certain conditions in a way observable to an unauthenticated actor, enabling username enumeration. The issue is confirmed in multiple sou...

CVE-2021-39021

IBM Guardium Data Encryption GDE 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856...

CVE-2021-39021

IBM Guardium Data Encryption GDE 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856...

CVE-2021-39021

IBM Guardium Data Encryption GDE 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856...

Design/Logic Flaw

IBM Guardium Data Encryption GDE 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856...

IBM Guardium Data Encryption 安全漏洞

IBM Guardium Data Encryption GDE is an application from IBM USA, Inc. IBM Guardium Data Encryption GDE 5.0.0.2 contains a security vulnerability that can be exploited by attackers to cause username enumeration...

Security Bulletin: A security vulnerability has been identified in IBM Guardium Data Encryption (GDE) (CVE-2021-39021)

Summary A security vulnerability has been identified in IBM Guardium Data Encryption GDE CVE-2021-39021. Please apply the lested version of GDE , to get the fix. Vulnerability Details CVEID: CVE-2021-39021 DESCRIPTION: IBM Guardium Data Encryption GDE behaves differently or sends different...

FIN8 Hacker group using new ‘White Rabbit’ Ransomware against U.S. Banks

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. White Rabbit is a ransomware family that has only recently been discovered. It could be a subsidiary project of the FIN8 hacking gang. A ransomware expert seeking for a sample of the malware made the first public disclosure...

CVE-2022-23105

CVE-2022-23105 affects Jenkins Active Directory Plugin 2.25 and earlier. The vulnerability stems from the plugin not encrypting data transmitted between the Jenkins controller and Active Directory servers in most configurations, enabling potential information disclosure. Connected advisories refe...

CVE-2021-40148

In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933...