4.0.0.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

CWE-668

NVD

Published: 2021-07-07

Updated: 2021-07-09

Summary

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Guardium Data Encryption 4.0.0.4 IBM Guardium Data Encryption 3.0.0.3	2

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://www.ibm.com/support/pages/node/6469407
https://exchange.xforce.ibmcloud.com/vulnerabilities/196218