CVE-2021-39020: Infoleak
First published: Thu Apr 28 2022(Updated: )
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Guardium Data Encryption | <=4.0.0.7 | |
| IBM GDE Server 4.0.0.7 and lower | <=GDE Server 4.0.0.7 and lower |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-39020?
CVE-2021-39020 is a vulnerability in IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower where sensitive information is stored in URL parameters, potentially leading to information disclosure.
What is the severity of CVE-2021-39020?
The severity of CVE-2021-39020 is medium with a CVSS score of 5.3.
How does CVE-2021-39020 impact IBM Guardium Data Encryption?
CVE-2021-39020 can lead to information disclosure if unauthorized parties have access to the URLs containing sensitive information.
Which versions of IBM Guardium Data Encryption are affected by CVE-2021-39020?
IBM Guardium Data Encryption 4.0.0.7 and lower are affected by CVE-2021-39020.
How can I mitigate CVE-2021-39020?
To mitigate CVE-2021-39020, it is recommended to upgrade to a version higher than 4.0.0.7.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm guardium data encryption
- version/ibm guardium data encryption/4.0.0.7
- canonical/ibm gde server 4.0.0.7 and lower
- version/ibm gde server 4.0.0.7 and lower/gde server 4.0.0.7 and lower