CVE-2021-39077: IBM Security Guardium information disclosure

Q: What is the severity of CVE-2021-39077?

The severity of CVE-2021-39077 is medium with a CVSS score of 4.4.

Q: How does CVE-2021-39077 affect IBM Security Guardium?

CVE-2021-39077 affects IBM Security Guardium versions 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4.

Q: How are user credentials stored in IBM Security Guardium affected by CVE-2021-39077?

CVE-2021-39077 exposes user credentials stored in IBM Security Guardium in plain clear text, making them readable by a local privileged user.

Q: How can a local privileged user exploit CVE-2021-39077?

A local privileged user can exploit CVE-2021-39077 to read user credentials stored in IBM Security Guardium.

Q: Where can I find more information about CVE-2021-39077?

More information about CVE-2021-39077 can be found at the following references: - [IBM X-Force ID: 215587](https://exchange.xforce.ibmcloud.com/vulnerabilities/215587) - [IBM Security Guardium - IBM Support](https://www.ibm.com/support/pages/node/6831647)

Published Apr 18, 2022

Updated

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

Other sources

IBM Security Guardium stores user credentials in plain clear text which can be read by a local privileged user.

— IBM

Affected Software

14 affected components

IBM Security Guardium>=11.0<=11.4

IBM Security Guardium=10.5

IBM Security Guardium=10.6

All of the following

Any of the following

IBM Security Guardium>=11.0<=11.4

IBM Security Guardium=10.5

IBM Security Guardium=10.6

Linux Linux kernel

IBM Security Guardium<=10.5

IBM Security Guardium<=10.6

IBM Security Guardium<=11.0

IBM Security Guardium<=11.1

IBM Security Guardium<=11.2

IBM Security Guardium<=11.3

IBM Security Guardium<=11.4

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6831647

Event History

Apr 18, 2022

CVE Published

via IBM·12:00 AM

Nov 3, 2022

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·08:15 PM

RemedyDescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-6831647

Frequently Asked Questions

What is the severity of CVE-2021-39077?

The severity of CVE-2021-39077 is medium with a CVSS score of 4.4.

How does CVE-2021-39077 affect IBM Security Guardium?