Vulnerabilities > IBM > Guardium Data Encryption > 4.0.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2021-39024 | Cross-site Scripting vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0/5.0.0.3 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. | 6.1 |
| 2022-05-06 | CVE-2021-39027 | Improper Encoding or Escaping of Output vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. | 5.0 |
| 2022-05-05 | CVE-2021-39020 | Information Exposure vulnerability in IBM Guardium Data Encryption IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. | 5.3 |
| 2022-03-10 | CVE-2021-39022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 8.8 |
| 2022-03-10 | CVE-2021-39025 | Unspecified vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. | 5.3 |
| 2020-08-26 | CVE-2019-4691 | Cross-site Scripting vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2020-08-26 | CVE-2019-4689 | Cleartext Transmission of Sensitive Information vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 7.5 |
| 2020-08-26 | CVE-2019-4688 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-08-26 | CVE-2019-4686 | Missing Encryption of Sensitive Data vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. | 5.3 |