Vulnerabilities > IBM > Guardium Data Encryption > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2021-39023 | Information Exposure Through an Error Message vulnerability in IBM Guardium Data Encryption IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
| 2022-03-10 | CVE-2021-39022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 8.8 |
| 2021-07-07 | CVE-2021-20378 | Insufficient Session Expiration vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |
| 2021-07-07 | CVE-2021-20379 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Guardium Data Encryption 3.0.0.3/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-07-07 | CVE-2021-20415 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Guardium Data Encryption 4.0.0.4 IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
| 2021-07-07 | CVE-2021-20474 | Missing Authentication for Critical Function vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 7.5 |
| 2020-08-26 | CVE-2019-4713 | Unspecified vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-08-26 | CVE-2019-4698 | Weak Password Requirements vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2020-08-26 | CVE-2019-4689 | Cleartext Transmission of Sensitive Information vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 7.5 |