Information Disclosure Vulnerability in IBM Guardium Data Encryption Products
CVE-2021-20416

3.7LOW

Key Information:

Vendor: IBM
Status: Guardium Data Encryption
Vendor: CVE Published:; 7 July 2021

Summary

IBM Guardium Data Encryption versions 3.0.0.3 and 4.0.0.4 contain a vulnerability due to improper management of the HTTPOnly flag on cookies. This oversight enables remote attackers to exploit the flaw and potentially extract sensitive information stored in cookies, posing a risk to data confidentiality and integrity. Affected users should consider immediate actions to mitigate the risks associated with this vulnerability.

Affected Version(s)

Guardium Data Encryption 3.0.0.2

Guardium Data Encryption 4.0.0.4

References

https://www.ibm.com/support/pages/node/6469407

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/196218

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2021
Vulnerability Reserved
Dec 17, 2020