First published: Thu Aug 13 2020
IBM Guardium Data Encryption (GDE) stores user credentials in clear text, which can be read by an authenticated user.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Guardium Data Encryption | =3.0.0.2 | |
IBM Guardium for Cloud Key Management | <1.7.0 | |
IBM GDE | <=3.0.0.2 | |
The vulnerability ID is CVE-2019-4697.
The severity level of CVE-2019-4697 is medium (6.5).
The affected software includes IBM Guardium Data Encryption (GDE) 3.0.0.2 and IBM GDE up to version 3.0.0.2, as well as IBM Guardium for Cloud Key Management up to version 1.7.0.
An authenticated user can read the plain text user credentials by accessing the storage location where they are stored.
Yes, IBM has provided a fix for this vulnerability. Please refer to the IBM Support page for more information.