Information Disclosure in IBM Guardium Data Encryption Product
CVE-2021-39020

2LOW

Key Information:

Vendor: IBM
Status: Guardium Data Encryption
Vendor: CVE Published:; 5 May 2022

Summary

IBM Guardium Data Encryption versions 4.0.0.7 and earlier are vulnerable to an information disclosure issue, where sensitive data is exposed through URL parameters. This flaw can be exploited if unauthorized users gain access to URLs, potentially through server logs, referrer headers, or even browser history. This vulnerability can lead to the unintended exposure of confidential information, emphasizing the importance of securing URL data handling to prevent unauthorized access.

Affected Version(s)

Guardium Data Encryption 4.0.0

Guardium Data Encryption 5.0.0

References

https://www.ibm.com/support/pages/node/6579773

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213855

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Aug 16, 2021