Low Severity

Security Bulletin: IBM Security Guardium Data Encryption has vulnerability ( CVE-2021-39020)

Share this post:

IBM Guardium Data Encryption (GDE) stores sensitive information in URL parameters. Please apply the latest version for the fixes.

CVE(s): CVE-2021-39020

Affected product(s) and affected version(s):

Product Name  Component Name Affected Version 
IBM Guardium Data Encryption (GDE) Vormetric Data Security Manager (DSM) GDE Server 4.0.0.7 and lower

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6579773
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213855

More stories

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-22455)

August 16, 2022 | Low Severity

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. ...read more


Security Bulletin: CP4D Match 360 is impacted due to vulnerability in IBM WebSphere Application Server Liberty Information Disclosure (CVE-2022-22393)

August 12, 2022 | Low Severity

IBM WebSphere Application Server Liberty is vulnerable to an information disclosure with the adminCenter-1.0 feature enabled. This has been addressed. IBM Match 360 v4.5.0 and prior, is also vulnerable given that it uses WebSphere Application Server Liberty. ...read more


Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)

August 4, 2022 | Low Severity

IBM Sterling Connect:Direct for UNIX Certified Container bundles ncurses as third party packages in its container image which has the vulnerability where attacker can obtain sensitive information. This fix updates ncurses to 6.1-9.20180224.el8. ...read more