Vulnerabilities > IBM > Guardium Data Encryption > 5.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2022-05-10 CVE-2021-39024 Cross-site Scripting vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0/5.0.0.3
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2022-05-06 CVE-2021-39027 Improper Encoding or Escaping of Output vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly.
network
low complexity
ibm CWE-116
5.0
5.0
2022-03-10 CVE-2021-39022 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
network
low complexity
ibm CWE-1236
8.8
8.8
2022-03-10 CVE-2021-39025 Unspecified vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down.
network
low complexity
ibm
5.3
5.3