CVE-2019-4702: High severity IBM Security Guardium Data Encrpytion vulnerability

Q: What is the vulnerability ID?

The vulnerability ID is CVE-2019-4702.

Q: What is the severity of CVE-2019-4702?

The severity of CVE-2019-4702 is high, with a severity value of 8.1.

Q: Which software is affected by CVE-2019-4702?

IBM Guardium Data Encryption (GDE) version 3.0.0.2 is affected by CVE-2019-4702.

Q: What is the risk of CVE-2019-4702?

CVE-2019-4702 allows unintended actors to read or modify a security-critical resource, posing a significant risk to the affected system.

Q: Is there a fix available for CVE-2019-4702?

To fix CVE-2019-4702, it is recommended to update IBM Guardium Data Encryption (GDE) to a version that is not affected by this vulnerability.

Published Jan 5, 2021

Updated

IBM Guardium Data Encryption (GDE) specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Other sources

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Affected Software

3 affected components

IBM Security Guardium Data Encrpytion=3.0.0.2

IBM GDE<=3.0.0.2

IBM Security Guardium Data Encryption=3.0.0.2

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6403331

Event History

Jan 5, 2021

CVE Published

via IBM·12:00 AM

Jan 13, 2021

CVE Published

via MITRE·05:40 PM

Data Sourced

via MITRE·05:40 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·06:15 PM

RemedyDescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-6403331

Frequently Asked Questions

What is the vulnerability ID?

The vulnerability ID is CVE-2019-4702.

What is the severity of CVE-2019-4702?