CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

IBM Guardium Data Encryption Information Leakage Vulnerability (CNVD-2022-66261)

IBM Guardium Data Encryption is an encryption solution that captures pricing information and is used to protect data and business. An information leakage vulnerability exists in IBM Guardium Data Encryption that originates from storing sensitive information in URL parameters, which can be exploit...

CVE-2021-39023

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860...

CVE-2021-39027

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865...

CVE-2021-39027

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865...

Code injection

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865...

CVE-2021-39027

CVE-2021-39027 affects IBM Guardium Data Encryption (GDE) versions 4.0.0 and 5.0.0. The vulnerability arises from missing or incorrect encoding/escaping in a structured message sent to another component, resulting in the intended message structure not being preserved. Impact is described as data ...

CVE-2021-39027

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865...

CVE-2021-39023

IBM Guardium Data Encryption (GDE) is affected by CVE-2021-39023 via information disclosure when a detailed browser error message is returned. Affects Guardium Cloud Key Manager (GCKM) 1.10.1 (fixed in 1.10.2), CipherTrust Tokenization Server (CT-VL) 2.6.4.21 (fixed in 2.6.5.98), and Manager (CM)...

CVE-2021-39023

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860...

IBM Guardium Data Encryption 安全漏洞

IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. A security vulnerability exists in IBM Guardium Data Encryption GDE that stems from a loss of encoding or escaping of data. No details of the vulnerability are provided at...

PT-2022-10851 · Ibm · Ibm Guardium Data Encryption

Name of the Vulnerable Software and Affected Versions: IBM Guardium Data Encryption GDE versions 4.0.0 through 5.0.0 Description: The issue arises from IBM Guardium Data Encryption GDE preparing a structured message for communication with another component, but the encoding or escaping of the dat...

IBM Guardium Data Encryption 安全漏洞

IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. A security vulnerability exists in IBM Guardium Data Encryption GDE. A remote attacker could exploit the vulnerability to obtain sensitive information when a technical error...

CVE-2021-39020

IBM Guardium Data Encryption GDE 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855...

CVE-2021-39020

IBM Guardium Data Encryption GDE 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855...

Information disclosure

IBM Guardium Data Encryption GDE 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855...

CVE-2021-39020

IBM Guardium Data Encryption (GDE) has an information disclosure vulnerability (CVE-2021-39020) where sensitive data is stored in URL parameters. Affected: Vormetric Data Security Manager (DSM) inside GDE Server 4.0.0.7 and earlier. Impact described as potential exposure via server logs, referrer...

CVE-2021-39020

IBM Guardium Data Encryption GDE 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855...

Security Bulletin: IBM Guardium Data Encryption is vulnerable to missing data encoding issue (CVE-2021-39027)

Summary A vulnerability was identified in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39027 DESCRIPTION: IBM Guardium Data Encryption GDE prepares a structured message for communication with another component, but encoding...

Security Bulletin: Vulnerability CVE-2021-39023 in IBM Guardium Data Encryption (GDE)

Summary Vulnerability identified in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39023 DESCRIPTION: IBM Guardium Data Encryption GDE could allow a remote attacker to obtain sensitive information when a detailed technical...