Remote Information Disclosure in IBM Guardium Data Encryption
CVE-2021-39023

2.7LOW

Key Information:

Vendor: IBM
Status: Guardium Data Encryption
Vendor: CVE Published:; 6 May 2022

Summary

IBM Guardium Data Encryption versions 4.0.0 and 5.0.0 are susceptible to a vulnerability that may allow remote attackers to gain unauthorized access to sensitive information due to the exposure of detailed technical error messages in the browser. These messages can provide potential attackers with valuable insights utilized in subsequent targeted attacks. To mitigate the risk, it is crucial for users to apply recommended patches and follow best security practices.

Affected Version(s)

Guardium Data Encryption 4.0.0

Guardium Data Encryption 5.0.0

References

https://www.ibm.com/support/pages/node/6582473

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213860

vdb-entryx_refsource_XF

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 6, 2022
Vulnerability Reserved
Aug 16, 2021