PT-2022-10846 · IBM · IBM Guardium Data Encryption

Ben Goodspeed +8 · Published 2022-03-10 · Updated 2022-03-22 · CVE-2021-39022

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: IBM Guardium Data Encryption (GDE) versions 4.0.0.0 through 5.0.0.0

Description: The issue arises when user-provided information is saved into a Comma-Separated Value (CSV) file without properly neutralizing special elements. These elements could be interpreted as commands when the file is opened by spreadsheet software.

Recommendations: For versions 4.0.0.0 and 5.0.0.0, consider disabling the feature that saves user-provided information into CSV files until a proper fix is available. Restrict access to the CSV files generated by the software to minimize the risk of exploitation. Avoid opening these files with spreadsheet software that could interpret special elements as commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
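
To support the recommendation about not opening exported files directly in spreadsheet software, the following added example (not IBM's fix and not part of this advisory) scans a CSV export for cells a spreadsheet could evaluate and writes a neutralized copy. The trigger characters and the single-quote prefix follow OWASP's CSV injection guidance; the function names and the sample data are assumptions made for illustration.

```python
import csv
import io

# Leading characters that spreadsheet software may treat as the start of a
# formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def find_formula_cells(csv_text):
    """Return (row, column, value) for every cell that starts with a trigger."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text, newline="")), start=1):
        for c, cell in enumerate(row, start=1):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c, cell))
    return hits


def neutralize(csv_text):
    """Return a copy in which flagged cells are prefixed with a single quote
    so that a spreadsheet shows them as text. Every field is quoted on output,
    so embedded commas, quotes and newlines cannot shift cell boundaries."""
    out = io.StringIO(newline="")
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in csv.reader(io.StringIO(csv_text, newline="")):
        writer.writerow(
            ["'" + cell if cell.startswith(FORMULA_TRIGGERS) else cell for cell in row]
        )
    return out.getvalue()


# Constructed sample export (not real GDE output). Three cells are flagged;
# "-5" is only a negative number, but the rule is purely prefix-based, so a
# numeric column needs review before it is neutralized.
SAMPLE = (
    "user,description,quota\n"
    "alice,weekly backup key,10\n"
    'bob,"=SUM(1,2)",20\n'
    "carol,@note,-5\n"
)

if __name__ == "__main__":
    for row, col, value in find_formula_cells(SAMPLE):
        print(f"row {row}, column {col}: {value!r}")
    print(neutralize(SAMPLE))
```
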

RCE

Weakness Enumeration

Related Identifiers

CVE-2021-39022

Affected Products

IBM Guardium Data Encryption