680 matches found
Information disclosure
IBM Security Guardium Data Encryption GDE 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
CVE-2019-4713
IBM Security Guardium Data Encryption GDE 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084...
CVE-2019-4713
CVE-2019-4713 affects IBM Security Guardium Data Encryption (GDE) 3.0.0.2. A remote authenticated attacker could send a specially crafted request to execute arbitrary commands on the system. Public sources confirm the flaw and its impact (high CWE/CVSS), with IBM providing a fixed version in GDE ...
CVE-2019-4701
IBM Security Guardium Data Encryption GDE 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936...
CVE-2019-4701
CVE-2019-4701 concerns IBM Guardium Data Encryption (GDE) 3.0.0.2, where active debugging code can create unintended entry points. Connected sources (CNVD-2020-50543) describe a cross-site scripting vulnerability in GDE 3.0.0.2 related to this issue, attributed to an unintended debugger entry. Th...
CVE-2019-4699
IBM Security Guardium Data Encryption GDE 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931...
CVE-2019-4699
CVE-2019-4699 affects IBM Guardium Data Encryption (GDE) 3.0.0.2, where an error message can reveal sensitive information about the environment, users, or data. The root cause is information disclosure via error details generated by GDE. Practical impact is information exposure with a low base sc...
CVE-2019-4698
IBM Guardium Data Encryption (GDE) 3.0.0.2 is affected by a password-strength requirement weakness: by default, it does not require strong passwords, which could allow an attacker to compromise user accounts. The issue is documented in CVE-2019-4698 and reflected in IBM/third-party sources in the...
CVE-2019-4698
IBM Security Guardium Data Encryption GDE 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929...
CVE-2019-4694
IBM Security Guardium Data Encryption GDE 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171832...
CVE-2019-4697
CVE-2019-4697 affects IBM Guardium Data Encryption (GDE) 3.0.0.2, where user credentials are stored in plaintext and readable by an authenticated user. The vulnerability stems from plaintext storage in GDE 3.0.0.2, enabling credential disclosure. The IBM/IBM X-Force and CNVD/N...
CVE-2019-4694
CVE-2019-4694 involves IBM Guardium Data Encryption (GDE) 3.0.0.2, which contains hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. The underlying risk is credential exposure within the product, as described in the CVE record and corrobor...
CVE-2019-4692
IBM Security Guardium Data Encryption GDE 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829...
CVE-2019-4693
IBM Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plaintext, allowing a locally authenticated privileged user to read them. This is documented across multiple sources (NVD entry CVE-2019-4693 and CNVD-2020-49941), confirming plaintext storage vulnerability in GDE 3.0.0.2. IBM’...
CVE-2019-4691
IBM Security Guardium Data Encryption GDE 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2019-4688
IBM Security Guardium Data Encryption GDE 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2019-4689
Summary of CVE-2019-4689 (IBM Guardium Data Encryption, GDE): GDE 3.0.0.2 stores HTTP Strict Transport Security incorrectly, allowing a remote attacker to obtain sensitive information via man-in-the-middle techniques. The vulnerability is caused by failure to properly enable HSTS, enabling poten...
CVE-2019-4686
CVE-2019-4686 affects IBM Security Guardium Data Encryption (GDE) 3.0.0.2. The root cause is failure to set the secure attribute on authorization tokens or session cookies, allowing an attacker to obtain cookie values by tricking a user into following an http link or via a link planted on a visit...
CVE-2019-4686
IBM Security Guardium Data Encryption GDE 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
Summary: There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerabilities have been fixed in GDE 4.0.0.0. Please apply the latest version for the fixes. Vulnerability Details: CVEID: CVE-2019-4713 DESCRIPTION: IBM Guardium Data Encryption GDE could allow a...