CVE-2019-4702
Description
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 sets weak permissions on a security-critical resource, allowing unauthorized read or modification.
Vulnerability
IBM Security Guardium Data Encryption (GDE) version 3.0.0.2 specifies insecure permissions for a security-critical resource. This misconfiguration allows that resource to be read or modified by unintended actors. The vulnerability is classified as a CWE-276 (Incorrect Default Permissions) issue affecting the GDE product [1].
Exploitation
An attacker with low privileges and network access to the affected system can exploit this vulnerability. The attack requires high complexity, meaning special conditions or precise timing may be necessary. According to the CVSS vector, the attack vector is network-based (AV:N), requiring low privileges (PR:L) and no user interaction (UI:N) [1].
Impact
Successful exploitation allows an attacker to read or modify the security-critical resource. This leads to limited confidentiality and integrity impacts, meaning sensitive information could be disclosed or the resource could be altered without authorization. The CVSS base score is 4.2, indicating medium severity [1].
Mitigation
IBM has not yet disclosed a specific fix in the available references. Users should monitor IBM Security Bulletins for updates and apply any recommended patches or configuration changes. No workarounds are described in the reference [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 3.0.0.2
- IBM/Security Guardium Data Encryption | v5 | Range: 3.0.0.2
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/171937 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6403331 (mitre, x_refsource_CONFIRM)