Vulnerabilities > CVE-2021-20378 - Insufficient Session Expiration vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
ibm
CWE-613

Summary

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709.

Vulnerable Configurations

Part Description Count
Application
Ibm
2

Common Weakness Enumeration (CWE)