Latest ibm guardium data encryption Vulnerabilities

CVE-2021-39024
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende...
IBM Guardium Data Encryption=4.0.0.0
IBM Guardium Data Encryption=5.0.0.0
IBM Guardium Data Encryption=5.0.0.3
IBM CM 2.6<=CM 2.6
CVE-2021-39027
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. A...
IBM Guardium Data Encryption=4.0.0.0
IBM Guardium Data Encryption=5.0.0.0
IBM CT-VL 2.6.4.21<=CT-VL 2.6.4.21
CVE-2021-39023
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information co...
IBM Guardium Data Encryption=1.10.1
IBM Guardium Data Encryption=2.6
IBM Guardium Data Encryption=2.6.4.21
IBM Guardium Data Encryption=4.0.0
IBM Guardium Data Encryption=5.0.0
IBM 1.10.1<=1.10.1
and 2 more
CVE-2021-39020
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server ...
IBM Guardium Data Encryption<=4.0.0.7
IBM GDE Server 4.0.0.7 and lower<=GDE Server 4.0.0.7 and lower
CVE-2021-39025
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863.
IBM Guardium Data Encryption=4.0.0.0
IBM Guardium Data Encryption=5.0.0.0
IBM 1.10.1 and lower<=1.10.1 and lower
IBM 2.6.3 and lower<=2.6.3 and lower
<=4.0.0.7 and lower
CVE-2021-39022
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements t...
IBM Guardium Data Encryption=4.0.0.0
IBM Guardium Data Encryption=5.0.0.0
IBM 1.10.1 and lower<=1.10.1 and lower
IBM 2.6.3 and lower<=2.6.3 and lower
IBM 4.0.0.8 and lower<=4.0.0.8 and lower
CVE-2021-39026
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attack...
IBM Guardium Data Encryption=5.0.0.2
IBM Guardium Data Encryption=5.0.0.3
IBM 5.0.0.2, 5.0.0.3<=5.0.0.2, 5.0.0.3
CVE-2021-39021
IBM Guardium Data Encryption (GDE) behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username ...
IBM GDE 5.0.0.2<=CM 2.4.2
IBM Guardium Data Encryption=5.0.0.2
CVE-2021-20417
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be u...
IBM Guardium Data Encryption=4.0.0.4
CVE-2021-20474
IBM Security Guardium does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
IBM GDE<=3.0.0.2
IBM GDE<=4.0.0.4
IBM Guardium Data Encryption=3.0.0.2
IBM Guardium Data Encryption=4.0.0.4
CVE-2021-20379
IBM Guardium Data Encryption (GDE) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
IBM GDE<=3.0.0.2
IBM GDE<=4.0.0.4
IBM Guardium Data Encryption=3.0.0.3
IBM Guardium Data Encryption=4.0.0.4
CVE-2021-20416
IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to ...
IBM GDE<=3.0.0.2
IBM GDE<=4.0.0.4
IBM Guardium Data Encryption=3.0.0.3
IBM Guardium Data Encryption=4.0.0.4
CVE-2021-20414
IBM Guardium Data Encryption (GDE) could allow a user to bruce force sensitive information due to not properly limiting the number of interactions.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
CVE-2019-4697
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.
IBM Guardium Data Encryption=3.0.0.2
IBM GDE<1.7.0
IBM GDE<=3.0.0.2
CVE-2019-4688
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// li...
IBM Guardium Data Encryption<4.0.0.3
IBM GDE<1.7.0
IBM GDE<=3.0.0.2
CVE-2019-4689
IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit thi...
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption<4.0.0.3
IBM GDE<1.7.0
CVE-2019-4699
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.
IBM Guardium Data Encryption=3.0.0.2
IBM GDE<1.7.0
IBM GDE<=3.0.0.2
CVE-2019-4693
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.
IBM Guardium Data Encryption=3.0.0.2
IBM GDE<1.7.0
IBM GDE<=3.0.0.2
CVE-2019-4701
IBM Guardium Data Encryption (GDE) is deployed with active debugging code that can create unintended entry points.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
IBM GDE<1.7.0
CVE-2019-4698
IBM Guardium Data Encryption (GDE) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
IBM GDE<1.7.0
CVE-2019-4713
IBM Guardium Data Encryption (GDE) could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulne...
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2
IBM GDE<1.7.0
CVE-2019-4695
IBM Guardium Data Encryption (GDE) allows web pages to be stored locally which can be read by another user on the system.
IBM GDE<=3.0.0.2
IBM Guardium Data Encryption=3.0.0.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203