Internal IP Address Disclosure in IBM Guardium Data Encryption
CVE-2021-39025

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Security Guardium Data Encryption
Vendor
CVE Published:
10 March 2022

Summary

IBM Guardium Data Encryption versions 4.0.0.0 and 5.0.0.0 are susceptible to a vulnerability that could lead to the exposure of internal IP address information if the web backend is not operational. This could potentially allow unauthorized access to sensitive network configuration details, posing a risk to data security and integrity.

Affected Version(s)

Security Guardium Data Encryption 4.0.0.0

Security Guardium Data Encryption 5.0.0.0

References

https://www.ibm.com/support/pages/node/6562169
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/213863
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.