Lucene search
China National Vulnerability DatabaseCNVD-2023-20082HistoryMar 23, 2023 - 12:00 a.m.
IBM Security Guardium Information Disclosure Vulnerability (CNVD-2023-20082)
2023-03-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
ibm
security
guardium
information
disclosure
vulnerability
data protection
key lifecycle manager
user credentials
plaintext
local attacker
0.0004 Low
EPSS
Percentile
5.1%
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as customizable UI, report management and streamlined audit process building.IBM Security Guardium Key Lifecycle Manager is vulnerable to an information disclosure vulnerability that stems from storing user credentials in plaintext only, which could be exploited by a local attacker to read those credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security guardium | eq | 3.0 | |
| ibm security guardium | eq | 3.0.1 | |
| ibm security guardium | eq | 4.0 | |
| ibm security guardium | eq | 4.1 | |
| ibm security guardium | eq | 4.1.1 |
Related
cve
cve
CVE-2023-25686
2023-03-21 16:15:12
cvelist
cvelist
CVE-2023-25686 IBM Security Key Lifecycle Manager information disclosure
2023-03-21 15:55:53
nvd
nvd
CVE-2023-25686
2023-03-21 16:15:12
prion
prion
Design/Logic Flaw
2023-03-21 16:15:00
ibm
ibm