
12 matches found

IBM Security Bulletins
added 2025/03/26 3:37 a.m., 43 views

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

Summary: There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2. Please upgrade to GKLM v4.2 for the fixes. Vulnerability Details: CVEID: CVE-2023-25689 DESCRIPTION: IBM...

CVSS 9.8, AI score 6.5, EPSS 0.00971
Exploits: 0, Affected Software: 1
CVE
added 2024/02/29 12:36 a.m., 106 views

CVE-2023-25921

CVE-2023-25921 affects IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, allowing an attacker to upload or transfer dangerous-file types that can be automatically processed within the product environment. The Red Hat / IBM bulletin confirms remediation in GKLM ...

CVSS 8.8, AI score 7.9, EPSS 0.01103
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2023/03/21 3:7 p.m., 47 views

CVE-2023-25923

CVE-2023-25923 concerns IBM Security Guardium Key Lifecycle Manager (GKLM) versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1. The Red Hat advisory and IBM security bulletin describe a vulnerability where an attacker could upload files due to incorrect authorization, enabling a denial-of-service condition....

CVSS 7.5, AI score 5.4, EPSS 0.00672
Exploits: 0, References: 2, Affected Software: 1
Openbugbounty
added 2022/05/25 7:55 p.m., 22 views

klm-va.nl Cross Site Scripting vulnerability OBB-2627797

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
Openbugbounty
added 2022/04/21 5:56 a.m., 13 views

klmhotels.com Cross Site Scripting vulnerability OBB-2537278

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
CVE
added 2021/11/15 3:35 p.m., 36 views

CVE-2021-38976

IBM Tivoli Key Lifecycle Manager stores user credentials in plaintext, enabling local access to read them. Affected: TKLM 3.0–4.0 (including 3.0.x, 3.0.1, 4.0) and Guardium Key Lifecycle Manager 4.1.0–4.1.1. The issue stems from cleartext storage of credentials. Remediation: upgrade to 4.1.1 - Fi...

CVSS 6.2, AI score 5.1, EPSS 0.0023
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2021/11/15 3:35 p.m., 17 views

CVE-2021-38975

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780...

CVSS 4.3, AI score 6.1, EPSS 0.00935
Exploits: 0, References: 2
Openbugbounty
added 2018/02/23 1:9 p.m., 13 views

packagedeals.klm.com XSS vulnerability

Open Bug Bounty ID: OBB-566654

Description| Value
---|---
Affected Website:| packagedeals.klm.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

AI score 6.3
Exploits: 0
Cvelist
added 2017/02/07 4:0 p.m., 26 views

CVE-2016-6092

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in clear text, which can be read by a local user...

AI score 6.1, EPSS 0.00317
Exploits: 0, References: 1
CVE
added 2017/02/01 9:0 p.m., 45 views

CVE-2016-6117

The CVE-2016-6117 issue affects IBM Security Key Lifecycle Manager (KLM): Tivoli Key Lifecycle Manager 2.5 (2.5.0.x up to 2.5.0.7) and 2.6 (2.6.0.x up to 2.6.0.2) can be deployed with active debugging code that may disclose sensitive information. The root cause is the presence of debugging code i...

CVSS 5.3, AI score 5.6, EPSS 0.01643
Exploits: 0, References: 3, Affected Software: 1
Openbugbounty
added 2016/10/25 12:51 p.m., 7 views

vg-klm.nl XSS vulnerability

Vulnerable URL: https://www.vg-klm.nl/klm-newsapp/?app=klm-fo'%22alert/OPENBUGBOUNTY/...

AI score 6.9
Exploits: 0
hackapp
added 2016/04/01 9:33 a.m., 12 views

KLM - Royal Dutch Airlines - Exported components, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that the application KLM - Royal Dutch Airlines, published on the 'play' market, has multiple vulnerabilities...

AI score 0.5
Exploits: 0, References: 1, Affected Software: 1