Rewterz Threat Advisory – Multiple IBM Security Guardium Insights Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-29838 

IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.

CVE-2021-29845 

IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.

CVE-2021-29846 

IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.

Impact

  • Information Disclosure
  • Security Bypass

Affected Vendors

IBM

Affected Products

  • IBM Security Guardium Insights 3.0

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

https://www.ibm.com/support/pages/node/6550866