CVE-2021-39026
Description
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 213964.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 lack HSTS, enabling man-in-the-middle attacks to expose sensitive data.
Vulnerability
IBM Guardium Data Encryption (GDE) versions 5.0.0.2 and 5.0.0.3 fail to properly enable HTTP Strict Transport Security (HSTS). This misconfiguration allows an attacker to intercept communications. The affected component is Guardium Data Encryption - CipherTrust Manager (CM) [1].
Exploitation
An attacker with network access can perform a man-in-the-middle attack by exploiting the missing HSTS header. No authentication is required, but the attacker must be positioned on the network path between the client and the server. The attack complexity is high due to the need for precise timing and network control [1].
Impact
Successful exploitation leads to disclosure of sensitive information transmitted between the client and server. The confidentiality impact is high, while integrity and availability are not affected. The CVSS base score is 5.9 [1].
Mitigation
IBM has released a fix available through the Thales portal. Users should upgrade to the latest version of GDE. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 5.0.0.2, = 5.0.0.3
- IBM/Security Guardium Data Encryption (v5), Range: 5.0.0.2
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/213864 (mitre: vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6557184 (mitre: x_refsource_CONFIRM)