Vulnerabilities > IBM > Guardium Data Encryption > 3.0.0.2

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2021-39020 Information Exposure vulnerability in IBM Guardium Data Encryption
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.3
5.3
2021-07-12 CVE-2021-20414 Unspecified vulnerability in IBM Guardium Data Encryption 3.0.0.2
IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions.
network
low complexity
ibm
4.9
4.9
2021-07-07 CVE-2021-20378 Insufficient Session Expiration vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
8.8
8.8
2021-07-07 CVE-2021-20474 Missing Authentication for Critical Function vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
network
low complexity
ibm CWE-306
7.5
7.5
2020-08-26 CVE-2019-4695 Insecure Storage of Sensitive Information vulnerability in IBM Guardium Data Encryption 3.0.0.2
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-922
3.3
3.3
2020-08-26 CVE-2019-4713 Unspecified vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm
8.8
8.8
2020-08-26 CVE-2019-4701 Unspecified vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points.
network
low complexity
ibm
5.3
5.3
2020-08-26 CVE-2019-4699 Information Exposure Through an Error Message vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-209
2.7
2.7
2020-08-26 CVE-2019-4698 Weak Password Requirements vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
7.5
2020-08-26 CVE-2019-4697 Insufficiently Protected Credentials vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-522
6.5
6.5