Lucene search

[email protected]CVE-2023-25922

HistoryFeb 28, 2024 - 10:15 p.m.

CVE-2023-25922

2024-02-2822:15:25

CWE-434

[email protected]

web.nvd.nist.gov

ibm

security

guardium

key

lifecycle

manager

file upload

dangerous types

vulnerability

cve-2023-25922

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. IBM X-Force ID: 247621.

Affected configurations

Vulners

Node

ibmsecurity_guardium_key_lifecycle_managerMatch3.0

ibmsecurity_guardium_key_lifecycle_managerMatch3.0.1

ibmsecurity_guardium_key_lifecycle_managerMatch4.0

ibmsecurity_guardium_key_lifecycle_managerMatch4.1

ibmsecurity_guardium_key_lifecycle_managerMatch4.1.1

VendorProductVersionCPE
ibmsecurity_guardium_key_lifecycle_manager3.0cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager3.0.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.0cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.0:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*
ibmsecurity_guardium_key_lifecycle_manager4.1.1cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_guardium_key_lifecycle_manager	3.0	cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0:::::::*
ibm	security_guardium_key_lifecycle_manager	3.0.1	cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0.1:::::::*
ibm	security_guardium_key_lifecycle_manager	4.0	cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.0:::::::*
ibm	security_guardium_key_lifecycle_manager	4.1	cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1:::::::*
ibm	security_guardium_key_lifecycle_manager	4.1.1	cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.1:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Security Guardium Key Lifecycle Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.0, 3.0.1, 4.0, 4.1, 4.1.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/247621

www.ibm.com/support/pages/node/6964516

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-25922

nvd1 cvelist1 prion1 ibm1