Security Bulletin: IBM Guardium Data Encryption (GDE) has multiple security vulnerability (CVE-2023-26272,CVE-2023-26271,CVE-2023-26270)

Summary Multiple security vulnerabilities in Guardium Data EncryptionGDE CVE-2023-26272,CVE-2023-26271,CVE-2023-26270. Please apply the latest version for the fixes. Vulnerability Details CVEID:CVE-2023-26272 DESCRIPTION: IBM Security Guardium Data Encryption could allow a remote attacker to obta...

HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass Exploit

This utility generates the TOTP passcode used to sign in as the support service account user for HammerSpace GFS default installations. Both the OVA and ISO are affected. Versions 4.6.6-324 and below with a default installation are affected. Affected Product: HammerSpace Global Data Environment /...

HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass

Affected Product: HammerSpace Global Data Environment / Global File System - https://hammerspace.com/product Affected Versions: v4.6.6-324 and below with default installation/configuration. Vendor Notified: Yes, sometime between: 08/2022 and 10/2022, confirmed 2023-03-21 there is a fix in an...

gde-fon.com Cross Site Scripting vulnerability OBB-3220474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

gde-fon.com Cross Site Scripting vulnerability OBB-2644074

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-39024

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

Cross site scripting

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVE-2021-39024

IBM Guardium Data Encryption (GDE) versions 4.0.0.0 and 5.0.0.0 are vulnerable to cross-site scripting via the Web UI, enabling arbitrary JavaScript in trusted sessions and potential credential disclosure. The IBM Security Bulletin summarizes the issue and references CVE-2021-39024, with CVSS v3....

CVE-2021-39023

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860...

Information disclosure

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860...

CVE-2021-39027

CVE-2021-39027 affects IBM Guardium Data Encryption (GDE) versions 4.0.0 and 5.0.0. The vulnerability arises from missing or incorrect encoding/escaping in a structured message sent to another component, resulting in the intended message structure not being preserved. Impact is described as data ...

CVE-2021-39023

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860...

CVE-2021-39023

IBM Guardium Data Encryption (GDE) is affected by CVE-2021-39023 via information disclosure when a detailed browser error message is returned. Affects Guardium Cloud Key Manager (GCKM) 1.10.1 (fixed in 1.10.2), CipherTrust Tokenization Server (CT-VL) 2.6.4.21 (fixed in 2.6.5.98), and Manager (CM)...

CVE-2021-39020

IBM Guardium Data Encryption (GDE) has an information disclosure vulnerability (CVE-2021-39020) where sensitive data is stored in URL parameters. Affected: Vormetric Data Security Manager (DSM) inside GDE Server 4.0.0.7 and earlier. Impact described as potential exposure via server logs, referrer...

Security Bulletin: IBM Guardium Data Encryption is vulnerable to missing data encoding issue (CVE-2021-39027)

Summary A vulnerability was identified in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39027 DESCRIPTION: IBM Guardium Data Encryption GDE prepares a structured message for communication with another component, but encoding...

Security Bulletin: Vulnerability CVE-2021-39023 in IBM Guardium Data Encryption (GDE)

Summary Vulnerability identified in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39023 DESCRIPTION: IBM Guardium Data Encryption GDE could allow a remote attacker to obtain sensitive information when a detailed technical...

Security Bulletin: IBM Guardium Data Encryption (GDE) has an information exposure vulnerability (CVE-2021-39025)

Summary An information Exposure was addressed in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39025 DESCRIPTION: IBM Guardium Data Encryption GDE could disclose internal IP address information when the web backend is down...

Security Bulletin: IBM Guardium Data Encryption (GDE) has a vulnerability (CVE-2021-39022), related to hazardous input.

Summary Vulnerability identified in IBM Guardium Data Encryption GDE, related to hazardous input. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39022 DESCRIPTION: IBM Guardium Data Encryption GDE saves user-provided information into a Comma-Separated Value C...

CVE-2021-39022

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

Code injection

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863...