CVE-2019-4160: Weak Encryption

Q: What is the severity of CVE-2019-4160?

The severity of CVE-2019-4160 is high with a CVSS score of 7.5.

Q: What is IBM Guardium Data Encryption (GDE)?

IBM Guardium Data Encryption (GDE) is a security solution provided by IBM.

Q: What are the affected versions of IBM Guardium Data Encryption (GDE)?

The affected version of IBM Guardium Data Encryption (GDE) is 3.0.0.2.

Q: What is the vulnerability described in CVE-2019-4160?

CVE-2019-4160 describes a vulnerability in IBM Guardium Data Encryption (GDE) where weaker than expected cryptographic algorithms are used, allowing an attacker to decrypt highly sensitive information.

Q: How can I fix CVE-2019-4160?

To fix CVE-2019-4160, it is recommended to update IBM Guardium Data Encryption (GDE) to a version that does not use weaker cryptographic algorithms.

Published Jan 5, 2021

Updated

IBM Guardium Data Encryption (GDE) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Other sources

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.

Affected Software

3 affected components

IBM Security Guardium Data Encrpytion=3.0.0.2

IBM GDE<=3.0.0.2

IBM Security Guardium Data Encryption=3.0.0.2

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6403331

Event History

Jan 5, 2021

CVE Published

via IBM·12:00 AM

Jan 13, 2021

CVE Published

via MITRE·05:40 PM

Data Sourced

via MITRE·05:40 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·06:15 PM

RemedyDescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-6403331

Frequently Asked Questions

What is the severity of CVE-2019-4160?

The severity of CVE-2019-4160 is high with a CVSS score of 7.5.

What is IBM Guardium Data Encryption (GDE)?