Multiple vulnerabilities have been identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.0. Please apply the latest version for the fixes.
CVEID: CVE-2019-4713
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172084 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-4698
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171929 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)
CVEID: CVE-2019-4693
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) stores user credentials in clear text, which can be read by a local privileged user.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171831 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2019-4701
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) is deployed with active debugging code that can create unintended entry points.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171936 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2019-4692
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171829 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2019-4695
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) allows web pages to be stored locally, where they can be read by another user on the system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171926 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Product(s) | Version(s) |
---|---|
GDE | 3.0.0.2 |

Product(s) | Fixed Version |
---|---|
GDE | 4.0.0.0 |

Affected Component | Fixed Version |
---|---|
IBM Guardium for Cloud Key Management (GCKM) | GCKM 1.6.2 |