CVE-2021-39027

CWE-1163 documents3 sources
Severity
5.0MEDIUM
EPSS
0.1%
top 73.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Guardium Data Encryption
Timeline
PublishedMay 6
Latest updateMay 7

Description

IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/guardium_data_encryption4.0.0, 5.0.0+1
NVDibm/guardium_data_encryption4.0.0.0, 5.0.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-fmqw-7cgw-c6q8: IBM Guardium Data Encryption (GDE) 42022-05-07
CVEList
CVE-2021-39027: IBM Guardium Data Encryption (GDE) 42022-05-06
CVE-2021-39027 (MEDIUM CVSS 5) | IBM Guardium Data Encryption (GDE) | cvebase.io