Request a Demo
Rewterz
Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
February 18, 2022
Rewterz
Rewterz Threat Advisory – CVE-2022-22922 – TP-Link TL-WA850RE Wi-Fi Range Extender Vulnerability
February 21, 2022

Rewterz Threat Advisory – Multiple IBM Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-39026 

IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

CVE-2021-38935 

IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

Impact

  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2021-39026
  • CVE-2021-38935

Affected Vendors

IBM

Affected Products

  • IBM Security Guardium Data Encryption 5.0.0.2
  • IBM Security Guardium Data Encryption 5.0.0.3
  • IBM Maximo Asset Management 7.6.1.2

Remediation

Refer to IBM Security Bulletin for patch, upgrade, or suggested workaround information.

CVE-2021-39026

https://www.ibm.com/support/pages/node/6557184

CVE-2021-38935

https://www.ibm.com/support/pages/node/6557318