First published: Fri Jun 25 2021(Updated: )
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Guardium Data Encryption | =3.0.0.2 | |
IBM Guardium Data Encryption | =4.0.0.4 | |
<=3.0.0.2 | ||
<=4.0.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-20378.
The severity of CVE-2021-20378 is high.
IBM Guardium Data Encryption (GDE) versions 3.0.0.2 and 4.0.0.4 are affected.
The vulnerability could allow an authenticated user to impersonate another user on the system.
Yes, you can find references at the following URLs: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/195709), [Link 2](https://www.ibm.com/support/pages/node/6469407).