CVE-2019-4698

HIGH

IBM Security Guardium Data Encryption <3.0.0.2 - Info Disclosure

Title source: llm

Description

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 171929.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6320817

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/171929

Scores

CVSS v3 7.5

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-521

Status published

Products (2)

ibm/guardium_data_encryption 3.0.0.2

ibm/guardium_for_cloud_key_management < 1.7.0

Published Aug 26, 2020

Tracked Since Feb 18, 2026