An information Exposure was addressed in IBM Guardium Data Encryption (GDE). Please apply the latest version for the fixes.
CVEID:CVE-2021-39025
**DESCRIPTION:**IBM Guardium Data Encryption (GDE) could disclose internal IP address information when the web backend is down.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213863 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Product Name | Component Name
| Affected Version
—|—|—
IBM Guardium Data Encryption (GDE) | Guardium Cloud Key Manager (GCKM) | 1.10.1 and lower
IBM Guardium Data Encryption (GDE) | CipherTrust Tokenization Server (CT-VL) | 2.6.3 and lower
IBM Guardium Data Encryption (GDE) | Guardium Data Encryption Server (DSM) | 4.0.0.7 and lower
Please apply the fix from below links, to obtain the fixes.
Note: In order to get the fix, customer needs to login to Thales portal.
Component Name | Fixed in version | Patch/Upgrade link |
---|---|---|
Guardium Cloud Key Manager (GCKM) | 1.10.2 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=3f16cf99dbc20110f0e3220805961916&sysparm_article=KB0025602 |
CipherTrust Tokenization Server (CT-VL) | 2.6.4 | https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=914ee8991b990110f9dca6886e4bcb80&sysparm_article=KB0025456 |
Guardium Data Encryption Server (DSM) | 4.0.0.8 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium data encryption | eq | 4.0.0. | |
ibm security guardium data encryption | eq | 5.0.0. |