CVE-2021-20416
First published: Fri Jun 25 2021(Updated: )
IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM GDE | <=3.0.0.2 | |
| IBM GDE | <=4.0.0.4 | |
| IBM Guardium Data Encryption | =3.0.0.3 | |
| IBM Guardium Data Encryption | =4.0.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-20416.
What is the severity rating of CVE-2021-20416?
CVE-2021-20416 has a severity rating of medium with a value of 5.3.
What is the affected software for CVE-2021-20416?
The affected software for CVE-2021-20416 includes IBM Guardium Data Encryption (GDE) versions 3.0.0.3 and 4.0.0.4.
How can a remote attacker exploit CVE-2021-20416?
A remote attacker can exploit CVE-2021-20416 by failing to set the HTTPOnly flag and obtaining sensitive information from the cookie.
Is there any additional information available for CVE-2021-20416?
Yes, you can find additional information for CVE-2021-20416 at the following references: [IBM X-Force ID: 196218](https://exchange.xforce.ibmcloud.com/vulnerabilities/196218) and [IBM Support Page](https://www.ibm.com/support/pages/node/6469407).
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- canonical/ibm gde
- version/ibm gde/3.0.0.2
- version/ibm gde/4.0.0.4
- canonical/ibm guardium data encryption
- version/ibm guardium data encryption/3.0.0.3
- version/ibm guardium data encryption/4.0.0.4