CVE-2021-20389: High severity ibm infosphere guardium z/os vulnerability

Q: What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2021-20389.

Q: What is the severity of CVE-2021-20389?

The severity of CVE-2021-20389 is high with a CVSS score of 7.8.

Q: Which version of IBM Security Guardium is affected by CVE-2021-20389?

IBM Security Guardium versions 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 are affected by CVE-2021-20389.

Q: How are user credentials stored in IBM Security Guardium 11.2?

User credentials in IBM Security Guardium 11.2 are stored in plain clear text which can be read by a local user.

Q: Is Linux Linux kernel vulnerable to CVE-2021-20389?

No, Linux Linux kernel is not vulnerable to CVE-2021-20389.

Published May 21, 2021

Updated

IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.

Affected Software

8 affected components

IBM Security Guardium<=10.5

IBM Security Guardium<=10.6

IBM Security Guardium<=11.0

IBM Security Guardium<=11.1

IBM Security Guardium<=11.2

IBM Security Guardium<=11.3

IBM Security Guardium=11.2

Linux Linux kernel

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6455281

Event History

May 21, 2021

CVE Published

via IBM·12:00 AM

May 24, 2021

CVE Published

via MITRE·01:55 PM

Data Sourced

via MITRE·01:55 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6455281

Frequently Asked Questions

What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2021-20389.

What is the severity of CVE-2021-20389?

The severity of CVE-2021-20389 is high with a CVSS score of 7.8.

Which version of IBM Security Guardium is affected by CVE-2021-20389?