Unintended Entry Points in IBM Security Guardium Data Encryption
CVE-2019-4701
5.3MEDIUM
Summary
The IBM Security Guardium Data Encryption (GDE) version 3.0.0.2 contains active debugging code that may create unintended entry points, potentially exposing sensitive data to unauthorized access. This situation arises from configuration oversights, making the system vulnerable to exploitation. It highlights the importance of reviewing deployed software configurations to eliminate unnecessary debugging features that can compromise security. For additional details, refer to the IBM support page and the IBM X-Force entry.
Affected Version(s)
Security Guardium Data Encryption 3.0.0.2
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved