Weak Permission Management in IBM Security Guardium Data Encryption
CVE-2019-4702

4.2MEDIUM

Key Information:

Vendor: IBM
Status: Security Guardium Data Encryption
Vendor: CVE Published:; 13 January 2021

Summary

IBM Security Guardium Data Encryption version 3.0.0.2 has a vulnerability where permissions for a critical resource are improperly set. This misconfiguration may enable unauthorized users to read or modify sensitive data, potentially leading to significant security breaches. Organizations using this version should review their permission settings to mitigate associated risks.

Affected Version(s)

Security Guardium Data Encryption 3.0.0.2

References

https://www.ibm.com/support/pages/node/6403331

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/171937

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2021
Vulnerability Reserved
Jan 3, 2019