CVE-2021-39024: XSS
First published: Mon May 09 2022(Updated: )
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Guardium Data Encryption | =4.0.0.0 | |
| IBM Guardium Data Encryption | =5.0.0.0 | |
| IBM Guardium Data Encryption | =5.0.0.3 | |
| IBM CM 2.6 | <=CM 2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-39024?
CVE-2021-39024 is a vulnerability in IBM Guardium Data Encryption (GDE) that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
What is the severity of CVE-2021-39024?
CVE-2021-39024 has a severity level of medium with a CVSS score of 6.1.
Which software versions are affected by CVE-2021-39024?
IBM Guardium Data Encryption (GDE) versions 4.0.0.0, 5.0.0.0, and 5.0.0.3 are affected by CVE-2021-39024.
How does CVE-2021-39024 work?
CVE-2021-39024 allows attackers to inject arbitrary JavaScript code into the Web UI of IBM Guardium Data Encryption (GDE), potentially compromising the intended functionality of the application.
Is there a fix for CVE-2021-39024?
IBM has provided a fix for CVE-2021-39024. Users should update to the latest version of IBM Guardium Data Encryption (GDE) to address the vulnerability.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm guardium data encryption
- version/ibm guardium data encryption/4.0.0.0
- version/ibm guardium data encryption/5.0.0.0
- version/ibm guardium data encryption/5.0.0.3
- canonical/ibm cm 2.6
- version/ibm cm 2.6/cm 2.6