Cross-Site Scripting Flaw in IBM Guardium Data Encryption Products
CVE-2021-39024

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Guardium Data Encryption
Vendor: CVE Published:; 10 May 2022

Summary

IBM Guardium Data Encryption versions 4.0.0.0 and 5.0.0.0 contain a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code through the Web UI. This exploitation can manipulate the intended functionality of the application, potentially leading to the disclosure of sensitive credentials during a trusted session.

Affected Version(s)

Guardium Data Encryption 4.0.0

Guardium Data Encryption 5.0.0

References

https://www.ibm.com/support/pages/node/6584143

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213862

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Aug 16, 2021