Vulnerabilities > IBM > Guardium Data Encryption
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-07 | CVE-2021-20379 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Guardium Data Encryption 3.0.0.3/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-07-07 | CVE-2021-20415 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Guardium Data Encryption 4.0.0.4 IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 5.0 |
| 2021-07-07 | CVE-2021-20416 | Exposure of Resource to Wrong Sphere vulnerability in IBM Guardium Data Encryption 3.0.0.3/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.0 |
| 2021-07-07 | CVE-2021-20417 | Information Exposure Through an Error Message vulnerability in IBM Guardium Data Encryption 4.0.0.4 IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
| 2021-07-07 | CVE-2021-20474 | Missing Authentication for Critical Function vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 5.0 |
| 2021-06-28 | CVE-2021-20413 | Information Exposure Through an Error Message vulnerability in IBM Guardium Data Encryption 4.0.0.4 IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
| 2020-08-26 | CVE-2019-4695 | Insecure Storage of Sensitive Information vulnerability in IBM Guardium Data Encryption 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
| 2020-08-26 | CVE-2019-4713 | OS Command Injection vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.0 |
| 2020-08-26 | CVE-2019-4701 | Information Exposure vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. | 5.0 |
| 2020-08-26 | CVE-2019-4699 | Information Exposure Through an Error Message vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. | 4.0 |