Vulnerabilities > IBM > Guardium Data Encryption
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2021-39024 | Cross-site Scripting vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0/5.0.0.3 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. | 6.1 |
| 2022-05-06 | CVE-2021-39023 | Information Exposure Through an Error Message vulnerability in IBM Guardium Data Encryption IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
| 2022-05-06 | CVE-2021-39027 | Improper Encoding or Escaping of Output vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. | 5.0 |
| 2022-05-05 | CVE-2021-39020 | Information Exposure vulnerability in IBM Guardium Data Encryption IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. | 5.3 |
| 2022-03-10 | CVE-2021-39022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 8.8 |
| 2022-03-10 | CVE-2021-39025 | Unspecified vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. | 5.3 |
| 2022-02-18 | CVE-2021-39026 | Cleartext Transmission of Sensitive Information vulnerability in IBM Guardium Data Encryption 5.0.0.2/5.0.0.3 IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2022-02-02 | CVE-2021-39021 | Information Exposure Through Discrepancy vulnerability in IBM Guardium Data Encryption 5.0.0.2 IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. | 5.3 |
| 2021-07-12 | CVE-2021-20414 | Unspecified vulnerability in IBM Guardium Data Encryption 3.0.0.2 IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. | 4.9 |
| 2021-07-07 | CVE-2021-20378 | Insufficient Session Expiration vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |