VYPR
Unrated severity · NVD Advisory · Published Feb 4, 2022 · Updated Sep 16, 2024

CVE-2021-39021

Description

IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Guardium Data Encryption (GDE) 5.0.0.2 has a username enumeration vulnerability: its responses differ in ways that an unauthorized actor can observe.

Vulnerability

IBM Guardium Data Encryption (GDE) version 5.0.0.2 (also known as CipherTrust Manager 2.4.2) contains a vulnerability where the system sends different responses under different circumstances in a way that is observable to an unauthorized actor. This behavior could facilitate username enumeration, allowing an attacker to determine valid usernames based on the application's responses [1].

Exploitation

An attacker with network access to the GDE server can exploit this vulnerability by sending crafted requests and observing the application's responses. The attack complexity is high, but no authentication is required, and no user interaction is needed. The attacker can use the observable differences in responses to enumerate valid usernames [1].

Impact

Successful exploitation allows an attacker to identify valid usernames within the system. This information disclosure (confidentiality impact is low) could be used as a stepping stone for further targeted attacks, such as password guessing or social engineering. The integrity and availability of the system are not affected [1].

Mitigation

IBM has released a fix in the latest version of GDE. Users should apply the patch or update to the latest GDE version available from the Thales support portal [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

2
