CVE-2019-4697
First published: Thu Aug 13 2020(Updated: )
IBM Guardium Data Encryption (GDE) stores user credentials in plain in clear text which can be read by an authenticated user.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM GDE | <=3.0.0.2 | |
| IBM Guardium Data Encryption | =3.0.0.2 | |
| Ibm Guardium For Cloud Key Management | <1.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2019-4697.
What is the severity level of CVE-2019-4697?
The severity level of CVE-2019-4697 is medium (6.5).
What is the affected software?
The affected software includes IBM Guardium Data Encryption (GDE) 3.0.0.2 and IBM GDE up to version 3.0.0.2, as well as IBM Guardium for Cloud Key Management up to version 1.7.0.
How can an authenticated user read the plain text user credentials?
An authenticated user can read the plain text user credentials by accessing the storage location where they are stored.
Is there a fix available for this vulnerability?
Yes, IBM has provided a fix for this vulnerability. Please refer to the IBM Support page for more information.
- collector/ibm-support
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/remedy
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm gde
- version/ibm gde/3.0.0.2
- canonical/ibm guardium data encryption
- version/ibm guardium data encryption/3.0.0.2
- canonical/ibm guardium for cloud key management