A vulnerability related to hazardous input has been identified in IBM Guardium Data Encryption (GDE). Apply the latest version to obtain the fixes.
CVEID: CVE-2021-39022
**DESCRIPTION:** IBM Guardium Data Encryption (GDE) saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213858 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N)
Product Name | Component Name | Affected Version |
---|---|---|
IBM Guardium Data Encryption (GDE) | Guardium Cloud Key Manager (GCKM) | 1.10.1 and lower |
IBM Guardium Data Encryption (GDE) | CipherTrust Tokenization Server (CT-VL) | 2.6.3 and lower |
IBM Guardium Data Encryption (GDE) | Guardium Data Encryption Server (DSM) | 4.0.0.8 and lower |
Apply the fix for each affected component using the links below.
Note: To obtain the fix, customers need to log in to the Thales portal.
Component Name | Fixed in version | Patch/Upgrade link |
---|---|---|
Guardium Cloud Key Manager (GCKM) | 1.10.2 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=3f16cf99dbc20110f0e3220805961916&sysparm_article=KB0025602 |
CipherTrust Tokenization Server (CT-VL) | 2.6.4 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=914ee8991b990110f9dca6886e4bcb80&sysparm_article=KB0025456 |
Guardium Data Encryption Server (GDE) | 4.0.0.8 |
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm security guardium data encryption | eq | 4.0.0. |
| | ibm security guardium data encryption | eq | 5.0.0. |