CVE-2021-20386: XSS

Q: What is the vulnerability ID for the IBM Security Guardium vulnerability?

The vulnerability ID for the IBM Security Guardium vulnerability is CVE-2021-20386.

Q: What is the severity of the IBM Security Guardium vulnerability?

The severity of the IBM Security Guardium vulnerability is medium.

Q: How does the IBM Security Guardium vulnerability affect users?

The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.

Q: Which versions of IBM Security Guardium are affected by the vulnerability?

The vulnerability affects IBM Security Guardium versions up to and including 11.2.

Q: How can I fix the IBM Security Guardium vulnerability?

To fix the vulnerability, update IBM Security Guardium to a version that is not affected by the vulnerability.

Published May 21, 2021

Updated

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195767.

Affected Software

7 affected components

IBM Security Guardium=11.2

IBM Security Guardium<=10.5

IBM Security Guardium<=10.6

IBM Security Guardium<=11.0

IBM Security Guardium<=11.1

IBM Security Guardium<=11.2

IBM Security Guardium<=11.3

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6455281

Event History

May 21, 2021

CVE Published

via IBM·12:00 AM

May 24, 2021

CVE Published

via MITRE·01:55 PM

Data Sourced

via MITRE·01:55 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6455281

Frequently Asked Questions

What is the vulnerability ID for the IBM Security Guardium vulnerability?

The vulnerability ID for the IBM Security Guardium vulnerability is CVE-2021-20386.

What is the severity of the IBM Security Guardium vulnerability?

The severity of the IBM Security Guardium vulnerability is medium.

How does the IBM Security Guardium vulnerability affect users?