CVE-2021-20378

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 72.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Guardium Data Encryption

Timeline

PublishedJul 7

Latest updateMay 24

Description

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/guardium_data_encryption3.0.0.2, 4.0.0.4+1

▶NVDibm/guardium_data_encryption3.0.0.2, 4.0.0.4+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-7mrw-f6g3-g543: IBM Guardium Data Encryption (GDE) 3↗2022-05-24

▶

CVEList

CVE-2021-20378: IBM Guardium Data Encryption (GDE) 3↗2021-07-07

▶