CVE-2021-39020Sensitive Information Exposure in IBM Guardium Data Encryption

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 76.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Guardium Data Encryption
Timeline
PublishedMay 5
Latest updateMay 6

Description

IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/guardium_data_encryption4.0.0, 5.0.0+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-cx5r-3fr2-xpjf: IBM Guardium Data Encryption (GDE) 42022-05-06
CVEList
CVE-2021-39020: IBM Guardium Data Encryption (GDE) 42022-05-05
CVE-2021-39020 — Sensitive Information Exposure in IBM | cvebase