Lucene search

IbmCVELIST:CVE-2023-25924

HistoryMar 21, 2023 - 2:53 p.m.

CVE-2023-25924 IBM Security Key Lifecycle Manager improper authorization

2023-03-2114:53:38

CWE-863

ibm

www.cve.org

ibm

security key lifecycle manager

authorization

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Security Key Lifecycle Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.0, 3.0.1, 4.0, 4.1 , 4.1.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/247630

www.ibm.com/support/pages/node/6962729

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

Related for CVELIST:CVE-2023-25924