CVE-2021-20377: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. The vulnerability (CVE-2021-20377) was disclosed on September 21, 2021, and affects IBM Security Guardium version 11.3. This information disclosure vulnerability could potentially be used in further attacks against the system (IBM Security Bulletin).

The vulnerability has a CVSS Base Score of 2.7 (Low) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access (AV:N), has low attack complexity (AC:L), requires high privileges (PR:H), needs no user interaction (UI:N), has unchanged scope (S:U), and can only impact confidentiality at a low level (C:L) with no impact on integrity (I:N) or availability (A:N) (AttackerKB).

The vulnerability allows attackers to obtain sensitive information through detailed technical error messages displayed in the browser. This leaked information could potentially be leveraged to conduct further attacks against the system (IBM Security Bulletin).

IBM has released a fix for this vulnerability in IBM Security Guardium 11.3. Users should update to the patched version available through IBM Fix Central. The patch is included in SqlGuard_11.0p400_GPU_Sep-2021-V11.4 (IBM Security Bulletin).