CSV Injection Vulnerability in IBM Guardium Data Encryption Products
CVE-2021-39022

6.2MEDIUM

Key Information:

Vendor

IBM
Status
Security Guardium Data Encryption
Vendor
CVE Published:
10 March 2022

What is CVE-2021-39022?

A vulnerability in IBM Guardium Data Encryption 4.0.0.0 and 5.0.0.0 allows for potential CSV injection due to improper handling of user-provided data. The sensitive information stored in comma-separated value (CSV) files may be interpreted as commands when opened in spreadsheet applications, leading to unauthorized actions. This flaw could potentially compromise the integrity of data processed by these products.

Affected Version(s)

Security Guardium Data Encryption 4.0.0.0

Security Guardium Data Encryption 5.0.0.0

References

https://www.ibm.com/support/pages/node/6562379
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/213858
vdb-entryx_refsource_XF

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.