Ibm Guardium Data Encryption — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Guardium Data Encryption, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2019-4694 — CVSS 9.8 (critical): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses…
CVE-2019-4713 — CVSS 8.8 (high): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the…
CVE-2021-39022 — CVSS 8.8 (high): IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does…
CVE-2021-20378 — CVSS 8.8 (high): IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to…
CVE-2021-39023 — CVSS 7.5 (high): IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2021-20474 — CVSS 7.5 (high): IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user…
CVE-2021-20415 — CVSS 7.5 (high): IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force…
CVE-2021-20379 — CVSS 7.5 (high): IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to…
CVE-2019-4698 — CVSS 7.5 (high): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it…
CVE-2019-4689 — CVSS 7.5 (high): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to…
CVE-2019-4697 — CVSS 6.5 (medium): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated…
CVE-2021-39024 — CVSS 6.1 (medium): IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2021-39026 — CVSS 5.9 (medium): IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure…
CVE-2019-4691 — CVSS 5.4 (medium): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2019-4686 — CVSS 5.3 (medium): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers…
CVE-2019-4692 — CVSS 5.3 (medium): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to…
CVE-2019-4701 — CVSS 5.3 (medium): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM…
CVE-2021-20416 — CVSS 5.3 (medium): IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure…
CVE-2021-39020 — CVSS 5.3 (medium): IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information…
CVE-2021-39021 — CVSS 5.3 (medium): IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is…
CVE-2021-39025 — CVSS 5.3 (medium): IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM…
CVE-2021-39027 — CVSS 5.0 (medium): IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or…
CVE-2021-20414 — CVSS 4.9 (medium): IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number…
CVE-2019-4693 — CVSS 4.4 (medium): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged…
CVE-2019-4688 — CVSS 4.3 (medium): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers…
CVE-2021-20417 — CVSS 4.3 (medium): IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2021-20413 — CVSS 4.3 (medium): IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2019-4695 — CVSS 3.3 (low): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system…
CVE-2019-4699 — CVSS 2.7 (low): IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment…