Skip to main content

Security Guardium CVE-2021-20377

LOW
Error Message Information Leak (CWE-209)
2021-09-23 psirt@us.ibm.com
2.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 23, 2021 - 17:15 nvd
LOW 2.7

DescriptionNVD

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.

AnalysisAI

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-209. IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569. Affected products include: Ibm Security Guardium.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-1253 CRITICAL
9.9 Jul 05

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rate

CVE-2017-1269 CRITICAL
9.8 Jul 05

IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2021-20418 CRITICAL
9.8 Aug 11

IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier fo

CVE-2021-20426 CRITICAL
9.8 May 24

IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for i

CVE-2020-4193 CRITICAL
9.8 Jun 04

IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force

CVE-2020-4177 CRITICAL
9.8 Jun 03

IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for i

CVE-2018-1818 CRITICAL
9.8 Dec 13

IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it use

CVE-2017-1757 HIGH
8.8 Dec 20

IBM Security Guardium 10.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2023-42004 HIGH
8.8 Nov 28

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. Rated high severity (CVSS 8.8), t

CVE-2023-35893 HIGH
8.8 Aug 16

IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary comman

CVE-2023-0041 HIGH
8.8 Jun 05

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration

CVE-2020-4180 HIGH
8.8 Jun 03

IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rate

Share

CVE-2021-20377 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy