February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Update – 2021 CVEs Being Exploited in the Wild
July 30, 2021Rewterz Threat Advisory – ICS: Mitsubishi Electric FA Engineering Software Products
July 30, 2021Rewterz Threat Update – 2021 CVEs Being Exploited in the Wild
July 30, 2021Rewterz Threat Advisory – ICS: Mitsubishi Electric FA Engineering Software Products
July 30, 2021
Severity
Medium
Analysis Summary
CVE-2021-20415
IBM Guardium Data Encryption uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2021-20417
IBM Guardium Data Encryption could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Impact
- Credential theft
- Information disclosure
Affected Vendors
IBM
Affected Products
- IBM Guardium Data Encryption 4.0.0.4
Remediation
Refer to IBM Security Bulletin for the patch, upgrade, or suggested workaround information.