Severity
Medium
Analysis Summary
CVE-2021-20415
IBM Guardium Data Encryption uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2021-20417
IBM Guardium Data Encryption could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Impact
- Credential theft
- Information disclosure
Affected Vendors
IBM
Affected Products
- IBM Guardium Data Encryption 4.0.0.4
Remediation
Refer to the IBM Security Bulletin for patch, upgrade, or suggested workaround information.