CVE-2019-4697

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 76.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Guardium FOR Cloud KEY ManagementIBM Security Guardium Data EncryptionIBM Guardium Data Encryption
Timeline
PublishedAug 26
Latest updateMay 24

Description

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDibm/guardium< 1.7.0

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-wv6c-jqp4-7xg7: IBM Security Guardium Data Encryption (GDE) 32022-05-24
CVEList
CVE-2019-4697: IBM Security Guardium Data Encryption (GDE) 32020-08-26
CVE-2019-4697 (MEDIUM CVSS 6.5) | IBM Security Guardium Data Encrypti | cvebase.io