CVE-2021-39022

HIGH

IBM Guardium Data Encryption <5.0.0.0 - Code Injection

Title source: llm

Description

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6562379

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/213858

Scores

CVSS v3 8.8

EPSS 0.0010

EPSS Percentile 27.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (2)

ibm/guardium_data_encryption 4.0.0.0

ibm/guardium_data_encryption 5.0.0.0

Published Mar 10, 2022

Tracked Since Feb 18, 2026