IBM Security Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-05124)

A security vulnerability exists in IBM Security Guardium Data Encryption, an IBM software for securing sensitive data in organizations, which can be exploited by remote attackers to return detailed technical error messages in the browser when to obtain sensitive information...

IBM Security Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-05125)

IBM Security Guardium Data Encryption is a software for securing sensitive data within organizations from IBM, U.S.A. A security vulnerability exists in IBM Security Guardium Data Encryption, which stems from the use of weaker than expected encryption algorithms for data encryption, which could b...

IBM Security Guardium Data Encryption code issue vulnerability

A security vulnerability in IBM Security Guardium Data Encryption, a U.S.-based IBM software for securing sensitive data within organizations, stems from the fact that data encryption does not invalidate sessions after logging out and can be exploited by attackers to The vulnerability allows an...

CVE-2021-20474

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources...

CVE-2021-20378

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709...

CVE-2021-20379

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711...

CVE-2021-20416

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

CVE-2021-20474

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources...

CVE-2021-20415

IBM Guardium Data Encryption GDE 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217...

CVE-2021-20379

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711...

CVE-2021-20417

IBM Guardium Data Encryption GDE 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219...

CVE-2021-20416

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

CVE-2021-20378

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709...

Authentication flaw

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources...

Code injection

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709...

Code injection

IBM Guardium Data Encryption GDE 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217...

Code injection

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711...

Design/Logic Flaw

IBM Guardium Data Encryption GDE 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218...

Information disclosure

IBM Guardium Data Encryption GDE 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219...

CVE-2021-20474

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources...