CVE-2021-39077

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/215587	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6831647	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:security_guardium::::::::
	cpe:2.3:a:ibm:security_guardium:10.5:::::::*
	cpe:2.3:a:ibm:security_guardium:10.6:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

29 Feb 2024, 01:32

Type	Values Removed	Values Added
Summary	~~(en) IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ?~~	(en) IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

18 Nov 2023, 03:06

Type	Values Removed	Values Added
Summary	~~IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.~~	IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ?
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::*
First Time		Linux Linux linux Kernel
References	~~(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 - VDB Entry~~	(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 - VDB Entry, Vendor Advisory

07 Nov 2023, 03:37

Type	Values Removed	Values Added
Summary	~~IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ?~~	IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

23 Oct 2023, 18:15

Type	Values Removed	Values Added
Summary	~~IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.~~	IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ?

08 Dec 2022, 21:48

Type	Values Removed	Values Added
References	~~(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 -~~	(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 - VDB Entry

09 Nov 2022, 22:15

Type	Values Removed	Values Added
References		(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 -
Summary	~~"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587."~~	IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

04 Nov 2022, 13:27

Type	Values Removed	Values Added
References	~~(MISC) https://www.ibm.com/support/pages/node/6831647 -~~	(MISC) https://www.ibm.com/support/pages/node/6831647 - Patch, Vendor Advisory
CWE		CWE-312
First Time		Ibm security Guardium Ibm
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.4
CPE		cpe:2.3:a:ibm:security_guardium:10.5:::::::* cpe:2.3:a:ibm:security_guardium:::::::: cpe:2.3:a:ibm:security_guardium:10.6:::::::*

03 Nov 2022, 20:36

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-03 20:15

Updated : 2024-02-29 01:32

NVD link : CVE-2021-39077

Mitre link : CVE-2021-39077

CVE.ORG link : CVE-2021-39077

JSON object : View

Products Affected

linux

linux_kernel

ibm

security_guardium

CWE

CWE-312

Cleartext Storage of Sensitive Information

CWE-319

Cleartext Transmission of Sensitive Information

4.4 /10