PT-2021-9115 · Ibm · Ibm Security Guardium Data Encryption
Published
2021-01-13
·
Updated
2025-08-12
·
CVE-2019-4687
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security Guardium Data Encryption (GDE) version 3.0.0.2
Description
The issue allows for potential information disclosure due to sensitive information being stored in URL parameters. This could be accessed by unauthorized parties through server logs, referrer headers, or browser history.
Recommendations
For version 3.0.0.2, consider modifying the application to avoid storing sensitive information in URL parameters to prevent potential information disclosure. As a temporary workaround, restrict access to server logs and ensure that browser history is properly secured to minimize the risk of exploitation.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Guardium Data Encryption