CVE-2021-39077

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/215587	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6831647	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/215587	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6831647	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:security_guardium::::::::
	cpe:2.3:a:ibm:security_guardium:10.5:::::::*
	cpe:2.3:a:ibm:security_guardium:10.6:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

23 Jul 2025, 21:15

Type	Values Removed	Values Added
Summary	~~(en) IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.~~	(en) IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

21 Nov 2024, 06:18

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/6831647 - Patch, Vendor Advisory~~	() https://www.ibm.com/support/pages/node/6831647 - Patch, Vendor Advisory

29 Feb 2024, 01:32

Type	Values Removed	Values Added
Summary	~~IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ?~~	IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

18 Nov 2023, 03:06

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
Summary	~~IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.~~	IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ?
References	~~(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 - VDB Entry~~	(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/215587 - VDB Entry, Vendor Advisory
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::*

07 Nov 2023, 03:37

Type	Values Removed	Values Added
Summary	~~IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ?~~	IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

23 Oct 2023, 18:15

Type	Values Removed	Values Added
Summary	~~IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.~~	IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. ?

Information

Published : 2022-11-03 20:15

Updated : 2025-07-23 21:15

NVD link : CVE-2021-39077

Mitre link : CVE-2021-39077

CVE.ORG link : CVE-2021-39077

JSON object : View

Products Affected

ibm

security_guardium

linux

linux_kernel

CWE

CWE-319

Cleartext Transmission of Sensitive Information

CWE-312

Cleartext Storage of Sensitive Information

4.4 /10