Information Disclosure Vulnerability in IBM Guardium Data Encryption Products
CVE-2021-20416

3.7LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
7 July 2021

Summary

IBM Guardium Data Encryption versions 3.0.0.3 and 4.0.0.4 contain a vulnerability due to improper management of the HTTPOnly flag on cookies. This oversight enables remote attackers to exploit the flaw and potentially extract sensitive information stored in cookies, posing a risk to data confidentiality and integrity. Affected users should consider immediate actions to mitigate the risks associated with this vulnerability.

Affected Version(s)

Guardium Data Encryption 3.0.0.2

Guardium Data Encryption 4.0.0.4

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.