Medium
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down.
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields.
IBM
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.