CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1115 matches found

Cvelist•added 2022/03/10 7:50 p.m.•20 views

CVE-2021-39025

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863...

5.3CVSS5.3AI score0.00561EPSS

Exploits0References2

CVE•added 2022/03/10 7:50 p.m.•89 views

CVE-2021-39022

CVE-2021-39022 affects IBM Guardium Data Encryption (GDE) versions 4.0.0.0 and 5.0.0.0. The vulnerability arises because GDE saves user-provided information in a CSV file without proper escaping, enabling special elements to be interpreted as commands when the file is opened by spreadsheet softwa...

8.8CVSS8.3AI score0.00471EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/03/10 7:50 p.m.•19 views

CVE-2021-39022

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

6.2CVSS8.3AI score0.00471EPSS

Exploits0References2

CNNVD•added 2022/03/10 12:0 a.m.•4 views

IBM Guardium Data Encryption 信息泄露漏洞

IBM Guardium Data Encryption GDE is a software application from IBM, USA. It provides a data security and compliance solution. A security vulnerability exists in IBM Guardium Data Encryption GDE versions 4.0.0.0 and 5.0.0.0, which stems from the ability to publicize internal IP address informatio...

5.3CVSS5.7AI score0.00561EPSS

Exploits0References3

CNNVD•added 2022/03/10 12:0 a.m.•4 views

IBM Guardium Data Encryption 安全漏洞

IBM Guardium Data Encryption GDE is an application from IBM of America, Inc. IBM Guardium Data Encryption versions 4.0.0.0 and 5.0.0.0 contain a security vulnerability that stems from the fact that the software saves user information in a CSV form file with a comma as the separator symbol, but it...

8.8CVSS5.7AI score0.00471EPSS

Exploits0References3

IBM Security Bulletins•added 2022/03/09 8:53 a.m.•29 views

Security Bulletin: IBM Guardium Data Encryption is vulnerable to cross-site scripting (CVE-2020-7676)

Summary A vulnerability to cross-site scripting exists in angular.js which is used in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper...

5.4CVSS5.5AI score0.02142EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2022/03/07 8:6 p.m.•13 views

Security Bulletin: Vulnerability in IBM Guardium Data Encryption (GDE) (CVE-2021-20414)

Summary Vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerability have been fixed in GDE - Guardium Tokenization Server 2.6.0.205. Please apply the latest version to obtain the fixes. Vulnerability Details CVEID: CVE-2021-20414 DESCRIPTION: IBM Guardium Data Encryption G...

4.9CVSS5.3AI score0.00541EPSS

Exploits0Affected Software1

CNVD•added 2022/02/22 12:0 a.m.•22 views

IBM Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-13926)

IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. An information disclosure vulnerability exists in IBM Guardium Data Encryption that stems from a failure to properly enable HTTP Strict Transport Security, which can be...

5.9CVSS5.4AI score0.0049EPSS

Exploits0References1

OSV•added 2022/02/18 6:15 p.m.•1 views

CVE-2021-39026

IBM Guardium Data Encryption GDE 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

5.9CVSS6.3AI score0.0049EPSS

Exploits0References2

Prion•added 2022/02/18 6:15 p.m.•20 views

Information disclosure

4.3CVSS5.3AI score0.0049EPSS

Exploits0References2Affected Software1

CVE•added 2022/02/18 5:35 p.m.•94 views

CVE-2021-39026

CVE-2021-39026 affects IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3, due to a failure to properly enable HTTP Strict Transport Security. This information disclosure vulnerability could let a remote attacker obtain sensitive data via man-in-the-middle techniques. IBM’s bulletin confirms ...

5.9CVSS5.4AI score0.0049EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/02/18 5:35 p.m.•10 views

CVE-2021-39026

5.9CVSS5.5AI score0.0049EPSS

Exploits0References2

CVE•added 2022/02/17 6:15 p.m.•85 views

CVE-2021-46247

The CVE-2021-46247 entry concerns the ASUS CMAX6000 v1.02.00 4x4 dual‑band WiFi cable modem router. The root cause cited across connected documents is a hard‑coded cryptographic key, enabling an attacker to recover encrypted data. The vulnerability affects the device’s ability to keep data confid...

7.5CVSS7.5AI score0.01159EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/02/17 6:15 p.m.•13 views

CVE-2021-46247

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00...

7.7AI score0.01159EPSS

Exploits1References1

IBM Security Bulletins•added 2022/02/17 10:11 a.m.•38 views

Security Bulletin: IBM Guardium Data Encryption (GDE) has an information exposure vulnerability (CVE-2021-39026 )

Summary An information Exposure was addressed in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39026 DESCRIPTION: IBM Guardium Data Encryption GDE could allow a remote attacker to obtain sensitive information, caused by the...

5.9CVSS5.1AI score0.0049EPSS

Exploits0Affected Software1

OSV•added 2022/02/11 11:23 p.m.•34 views

GHSA-7F33-F4F5-XWGW In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

2.5CVSS5AI score0.00231EPSS

Exploits1References10

CNVD•added 2022/02/08 12:0 a.m.•12 views

IBM Guardium Data Encryption Information Disclosure Vulnerability (CNVD-2022-08967)

IBM Guardium Data Encryption GDE is an application from IBM USA, Inc. IBM Guardium Data Encryption GDE 5.0.0.2 contains a security vulnerability that can be exploited by attackers to cause username enumeration...

5.3CVSS3.2AI score0.00529EPSS

Exploits0References1

CVE•added 2022/02/04 10:32 p.m.•67 views

CVE-2021-39021

IBM Guardium Data Encryption (GDE) 5.0.0.2 (Guardium Data Encryption Server 5.0.0.2 / CipherTrust Manager 2.4.2) exhibits behavior where responses differ under certain conditions in a way observable to an unauthenticated actor, enabling username enumeration. The issue is confirmed in multiple sou...

5.3CVSS5AI score0.00529EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/02/04 10:32 p.m.•15 views

CVE-2021-39021

IBM Guardium Data Encryption GDE 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856...

3.7CVSS5.2AI score0.00529EPSS

Exploits0References2

OSV•added 2022/02/02 8:15 p.m.•2 views

CVE-2021-39021

5.3CVSS5.8AI score0.00529EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by