PT-2022-10851 · IBM · IBM Guardium Data Encryption

Ben Goodspeed +8 · Published 2022-05-06 · Updated 2023-01-24 · CVE-2021-39027

CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
IBM Guardium Data Encryption (GDE) versions 4.0.0 through 5.0.0

Description
The issue arises from IBM Guardium Data Encryption (GDE) preparing a structured message for communication with another component, but the encoding or escaping of the data is either missing or done incorrectly. This results in the intended structure of the message not being preserved.

Recommendations
For versions 4.0.0 and 5.0.0, consider implementing proper encoding or escaping of the data in the structured message to preserve its intended structure. As a temporary workaround, review and adjust the communication protocol between components to minimize the risk of message structure corruption.

Fix

Weakness Enumeration: Improper Encoding or Escaping of Output

Related Identifiers: CVE-2021-39027

Affected Products: IBM Guardium Data Encryption