CVE-2021-20420: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. The vulnerability was discovered and disclosed on August 10, 2021, and is tracked as CVE-2021-20420 with IBM X-Force ID: 196281. The affected software versions include IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 (IBM Security Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), requires no user interaction (UI:N), has unchanged scope (S:U), and can impact confidentiality at a low level (C:L) with no impact on integrity (I:N) or availability (A:N) (AttackerKB).

The vulnerability could lead to the disclosure of sensitive information that might be used to facilitate further attacks against the system. The impact is primarily limited to confidentiality breaches, with no direct impact on system integrity or availability (IBM Security Bulletin).

IBM has released security fixes for all affected versions. The patches are available through IBM Fix Central for versions 10.5 through 11.3. No alternative workarounds have been identified for this vulnerability (IBM Security Bulletin).