CVE-2019-4697
Description
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plaintext, allowing authenticated users to read them.
Vulnerability
IBM Guardium Data Encryption (GDE) version 3.0.0.2 stores user credentials in plaintext within its configuration files. An authenticated user with access to the system can read these stored credentials. This vulnerability is documented in the IBM security bulletin [1].
Exploitation
An attacker must have already authenticated to the GDE system. No additional privileges are required. The attacker can then read the plaintext credentials from the storage location, such as configuration files or database entries, exposing the credentials of other users [1].
Impact
Successful exploitation leads to disclosure of user credentials, potentially allowing the attacker to impersonate other users, escalate privileges, or access sensitive data protected by those credentials [1].
Mitigation
IBM has released a fix for this vulnerability. Users should upgrade to a patched version of IBM Guardium Data Encryption as specified in the security bulletin [1]. No workaround is provided; applying the update is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: =3.0.0.2
- IBM/Security Guardium Data Encryptionv5Range: 3.0.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- exchange.xforce.ibmcloud.com/vulnerabilities/171928mitrevdb-entryx_refsource_XF
- www.ibm.com/support/pages/node/6320835mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.