Unrated severity · NVD Advisory · Published Jul 7, 2021 · Updated Sep 17, 2024

CVE-2021-20474

Description

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 lack authentication for resource-intensive or identity-requiring functions, allowing unauthenticated limited access.

Vulnerability

IBM Guardium Data Encryption (GDE) versions 3.0.0.2 and 4.0.0.4 do not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources [1]. This affects components where a user must be identified or where resource usage is high.

Exploitation

An attacker with network access to the GDE system can exploit this vulnerability without any authentication or user interaction. The lack of authentication means the attacker can directly access the vulnerable functionality [1].

Impact

Successful exploitation allows an attacker to gain limited access to the system, potentially affecting confidentiality and integrity. The CVSS v3.0 base score is 6.5, with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating low impact on confidentiality and integrity [1].

Mitigation

IBM has fixed this vulnerability in GDE version 4.0.0.5. Users should upgrade to this version or later. There are no known workarounds for versions prior to the fix [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
