Vulnerabilities > IBM > Guardium Data Encryption > 4.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2022-05-10 CVE-2021-39024 Cross-site Scripting vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0/5.0.0.3
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3
2022-05-06 CVE-2021-39027 Improper Encoding or Escaping of Output vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly.
network
low complexity
ibm CWE-116
5.0
5.0
2022-05-05 CVE-2021-39020 Information Exposure vulnerability in IBM Guardium Data Encryption
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.0
5.0
2022-03-10 CVE-2021-39022 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
network
ibm CWE-1236
6.8
6.8
2022-03-10 CVE-2021-39025 Unspecified vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down.
network
low complexity
ibm
5.0
5.0
2020-08-26 CVE-2019-4689 Information Exposure vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
low complexity
ibm CWE-200
5.0
5.0
2020-08-26 CVE-2019-4686 Information Exposure vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-200
5.0
5.0