PT-2021-13927 · Ibm · Ibm Guardium Data Encryption

Chris Shepherd

Published

2021-07-07

Updated

2021-07-09

CVE-2021-20378

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: IBM Guardium Data Encryption (GDE) versions 3.0.0.2 through 4.0.0.4

Description: The issue allows an authenticated user to impersonate another user on the system because the session is not invalidated after logout.

Recommendations: For versions 3.0.0.2 and 4.0.0.4, consider implementing a custom session invalidation mechanism after user logout as a temporary workaround until a patch is available. Restrict access to sensitive features and data to minimize the risk of exploitation.

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

CVE-2021-20378

Affected Products

Ibm Guardium Data Encryption

PT-2021-13927 · Ibm · Ibm Guardium Data Encryption

CVE-2021-20378

Weakness Enumeration

Related Identifiers

Affected Products

References · 5