There are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.5. Please apply the latest version to obtain the fixes.
CVEID:CVE-2017-18214
**DESCRIPTION:**Node.js moment module is vulnerable to a denial of service. A remote attacker could exploit this vulnerability to cause a low severity regular expression denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/135364 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2016-4055
**DESCRIPTION:**The Node.js moment module is vulnerable to a denial of service, caused by an error in the regular expression implementation. An attacker could exploit this vulnerability using a regular expression to cause the application to hang.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/112574 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-20413
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196212 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
GDE | 4.0.0.4 |
Product(s) | Fixed Version |
---|---|
GDE | 4.0.0.5 |
Affected Component | Fixed Version |
— | — |
IBM Guardium for Cloud Key Management (GCKM) | GCKM 1.9 |