cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-39024,https://securityvulnerability.io/vulnerability/CVE-2021-39024,Cross-Site Scripting Flaw in IBM Guardium Data Encryption Products,"IBM Guardium Data Encryption versions 4.0.0.0 and 5.0.0.0 contain a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code through the Web UI. This exploitation can manipulate the intended functionality of the application, potentially leading to the disclosure of sensitive credentials during a trusted session.",IBM,Guardium Data Encryption,4.8,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2022-05-10T16:15:00.000Z,0
CVE-2021-39023,https://securityvulnerability.io/vulnerability/CVE-2021-39023,Remote Information Disclosure in IBM Guardium Data Encryption,"IBM Guardium Data Encryption versions 4.0.0 and 5.0.0 are susceptible to a vulnerability that may allow remote attackers to gain unauthorized access to sensitive information due to the exposure of detailed technical error messages in the browser. These messages can provide potential attackers with valuable insights utilized in subsequent targeted attacks. To mitigate the risk, it is crucial for users to apply recommended patches and follow best security practices.",IBM,Guardium Data Encryption,2.7,LOW,0.0012100000167265534,false,,false,false,false,,,false,false,,2022-05-06T16:15:00.000Z,0
CVE-2021-39027,https://securityvulnerability.io/vulnerability/CVE-2021-39027,Data Encoding Flaw in IBM Guardium Data Encryption Software,"IBM Guardium Data Encryption versions 4.0.0 and 5.0.0 contain a vulnerability where the preparation of structured messages for component communication lacks proper data encoding or escaping. This oversight compromises the integrity of the message structure, potentially allowing unintended modifications or misinterpretations during data transmission.",IBM,Guardium Data Encryption,3,LOW,0.00046999999904073775,false,,false,false,false,,,false,false,,2022-05-06T16:15:00.000Z,0
CVE-2021-39020,https://securityvulnerability.io/vulnerability/CVE-2021-39020,Information Disclosure in IBM Guardium Data Encryption Product,"IBM Guardium Data Encryption versions 4.0.0.7 and earlier are vulnerable to an information disclosure issue, where sensitive data is exposed through URL parameters. This flaw can be exploited if unauthorized users gain access to URLs, potentially through server logs, referrer headers, or even browser history. This vulnerability can lead to the unintended exposure of confidential information, emphasizing the importance of securing URL data handling to prevent unauthorized access.",IBM,Guardium Data Encryption,2,LOW,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-05-05T16:15:00.000Z,0
CVE-2021-39025,https://securityvulnerability.io/vulnerability/CVE-2021-39025,Internal IP Address Disclosure in IBM Guardium Data Encryption,"IBM Guardium Data Encryption versions 4.0.0.0 and 5.0.0.0 are susceptible to a vulnerability that could lead to the exposure of internal IP address information if the web backend is not operational. This could potentially allow unauthorized access to sensitive network configuration details, posing a risk to data security and integrity.",IBM,Security Guardium Data Encryption,5.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-03-10T20:15:00.000Z,0
CVE-2021-39022,https://securityvulnerability.io/vulnerability/CVE-2021-39022,CSV Injection Vulnerability in IBM Guardium Data Encryption Products,"A vulnerability in IBM Guardium Data Encryption 4.0.0.0 and 5.0.0.0 allows for potential CSV injection due to improper handling of user-provided data. The sensitive information stored in comma-separated value (CSV) files may be interpreted as commands when opened in spreadsheet applications, leading to unauthorized actions. This flaw could potentially compromise the integrity of data processed by these products.",IBM,Security Guardium Data Encryption,6.2,MEDIUM,0.00203999993391335,false,,false,false,false,,,false,false,,2022-03-10T20:15:00.000Z,0
CVE-2021-39026,https://securityvulnerability.io/vulnerability/CVE-2021-39026,Information Disclosure Vulnerability in IBM Guardium Data Encryption,"IBM Guardium Data Encryption versions 5.0.0.2 and 5.0.0.3 are affected by a vulnerability that arises from the improper configuration of HTTP Strict Transport Security (HSTS). This oversight could allow remote attackers to intercept sensitive information via man-in-the-middle attacks, posing significant risks to data confidentiality. To mitigate this vulnerability, users are recommended to apply the necessary patches and ensure proper HTTP security settings are enforced.",IBM,Security Guardium Data Encryption,5.9,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2022-02-18T18:15:00.000Z,0
CVE-2021-39021,https://securityvulnerability.io/vulnerability/CVE-2021-39021,Username Enumeration Vulnerability in IBM Guardium Data Encryption,"IBM Guardium Data Encryption version 5.0.0.2 is susceptible to a vulnerability that allows an unauthorized actor to observe different responses under varying circumstances. This behavior could potentially enable the enumeration of valid usernames, posing a risk to data security and user privacy. Organizations utilizing this product are advised to evaluate their exposure and implement the necessary security measures.",IBM,Security Guardium Data Encryption,3.7,LOW,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-02-02T20:15:00.000Z,0
CVE-2021-20414,https://securityvulnerability.io/vulnerability/CVE-2021-20414,,IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216.,IBM,Guardium Data Encryption,4.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2021-07-12T16:15:00.000Z,0
CVE-2021-20416,https://securityvulnerability.io/vulnerability/CVE-2021-20416,,"IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.",IBM,Guardium Data Encryption,3.7,LOW,0.0009599999757483602,false,,false,false,false,,,false,false,,2021-07-07T17:15:00.000Z,0
CVE-2021-20379,https://securityvulnerability.io/vulnerability/CVE-2021-20379,,IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.,IBM,Guardium Data Encryption,5.9,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2021-07-07T17:15:00.000Z,0
CVE-2021-20417,https://securityvulnerability.io/vulnerability/CVE-2021-20417,,IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219,IBM,Guardium Data Encryption,4.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-07-07T17:15:00.000Z,0
CVE-2021-20378,https://securityvulnerability.io/vulnerability/CVE-2021-20378,,IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709.,IBM,Guardium Data Encryption,6.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-07-07T17:15:00.000Z,0
CVE-2021-20415,https://securityvulnerability.io/vulnerability/CVE-2021-20415,,IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.,IBM,Guardium Data Encryption,5.9,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-07-07T17:15:00.000Z,0
CVE-2021-20474,https://securityvulnerability.io/vulnerability/CVE-2021-20474,,IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.,IBM,Guardium Data Encryption,6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2021-07-07T17:15:00.000Z,0
CVE-2021-20413,https://securityvulnerability.io/vulnerability/CVE-2021-20413,,IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212.,IBM,Guardium Data Encryption,4.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2019-4702,https://securityvulnerability.io/vulnerability/CVE-2019-4702,,IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,IBM,Security Guardium Data Encryption,4.2,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2021-01-13T18:15:00.000Z,0
CVE-2019-4160,https://securityvulnerability.io/vulnerability/CVE-2019-4160,,IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.,IBM,Security Guardium Data Encryption,5.9,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2021-01-13T18:15:00.000Z,0
CVE-2019-4687,https://securityvulnerability.io/vulnerability/CVE-2019-4687,,"IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.",IBM,Security Guardium Data Encryption,3.7,LOW,0.0008500000112690032,false,,false,false,false,,,false,false,,2021-01-13T18:15:00.000Z,0
CVE-2019-4695,https://securityvulnerability.io/vulnerability/CVE-2019-4695,,IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926.,IBM,Security Guardium Data Encryption,4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-08-26T20:15:00.000Z,0
CVE-2019-4692,https://securityvulnerability.io/vulnerability/CVE-2019-4692,,IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829.,IBM,Security Guardium Data Encryption,5.3,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2020-08-26T19:15:00.000Z,0
CVE-2019-4691,https://securityvulnerability.io/vulnerability/CVE-2019-4691,,IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828.,IBM,Security Guardium Data Encryption,5.4,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2020-08-26T19:15:00.000Z,0
CVE-2019-4698,https://securityvulnerability.io/vulnerability/CVE-2019-4698,,"IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929.",IBM,Security Guardium Data Encryption,7.4,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2020-08-26T19:15:00.000Z,0
CVE-2019-4693,https://securityvulnerability.io/vulnerability/CVE-2019-4693,,IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831.,IBM,Security Guardium Data Encryption,6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-08-26T19:15:00.000Z,0
CVE-2019-4699,https://securityvulnerability.io/vulnerability/CVE-2019-4699,,"IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.",IBM,Security Guardium Data Encryption,2.7,LOW,0.00046999999904073775,false,,false,false,false,,,false,false,,2020-08-26T19:15:00.000Z,0