Lucene search
IBM Security Guardium Key Lifecycle Manager

29 matches found

added 2024/12/17 5:42 p.m. | 141 views

CVE-2024-49820

IBM Security Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2.0, and 4.2.1 are affected by an information-disclosure vulnerability caused by not properly enabling HTTP Strict Transport Security. An attacker could obtain sensitive data via man-in-the-middle attacks. The IBM security ...

CVSS 3.7 | AI score 3.9 | EPSS 0.00241

added 2024/12/17 5:35 p.m. | 134 views

CVE-2024-49818

IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1 are affected by CVE-2024-49818, which could allow a remote attacker to obtain sensitive information via a browser-embedded detailed error message (information disclosure). The IBM security bulletin lists remediation...

CVSS 4.3 | AI score 4.3 | EPSS 0.00453

added 2024/02/28 9:53 p.m. | 132 views

CVE-2023-25925

CVE-2023-25925 affects IBM Security Guardium Key Lifecycle Manager (GKLM) across multiple releases (3.0, 3.0.1, 4.0, 4.1, 4.1.1). A remote authenticated attacker can execute arbitrary commands on the system by sending a specially crafted request, as documented by IBM and Red Hat in their vendor a...

CVSS 8.8 | AI score 8.3 | EPSS 0.01351

added 2024/02/28 9:44 p.m. | 113 views

CVE-2023-25922

Summary of CVE-2023-25922 (IBM Security Guardium Key Lifecycle Manager): This vulnerability affects GKLM versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, where an attacker can upload or transfer files of dangerous types that can be automatically processed within the product’s environment. The IBM bullet...

CVSS 8.8 | AI score 4.4 | EPSS 0.00556

added 2024/02/29 12:36 a.m. | 108 views

CVE-2023-25921

CVE-2023-25921 affects IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, allowing an attacker to upload or transfer dangerous-file types that can be automatically processed within the product environment. The Red Hat / IBM bulletin confirms remediation in GKLM ...

CVSS 8.8 | AI score 7.9 | EPSS 0.01103

added 2024/02/29 12:27 a.m. | 106 views

CVE-2023-25926

CVE-2023-25926 affects IBM Security Guardium Key Lifecycle Manager (GKLM) 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, with an XML External Entity Injection (XXE) vulnerability when processing XML data. The root cause is XXE in the XML processing path, enabling a remote attacker to potentially expose sensiti...

CVSS 8.2 | AI score 5.5 | EPSS 0.01379

added 2024/12/17 5:42 p.m. | 99 views

CVE-2024-49816

CVE-2024-49816 affects IBM Security Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2.0, and 4.2.1. The issue is a log information disclosure: potentially sensitive data is stored in log files and could be read by a local privileged user due to how logging is handled. Impact is confi...

CVSS 4.9 | AI score 4.7 | EPSS 0.00346

added 2024/12/17 5:34 p.m. | 98 views

CVE-2024-49817

The CVE-2024-49817 issue in IBM Security Guardium Key Lifecycle Manager (GKLM) affects versions 4.1, 4.1.1, 4.2, and 4.2.1, where user credentials are stored in configuration files that can be read by a local privileged user (CWE-260). The IBM Security bulletin describes this as a local informati...

CVSS 4.4 | AI score 4.5 | EPSS 0.00185

added 2024/12/17 5:41 p.m. | 96 views

CVE-2024-49819

CVE-2024-49819 affects IBM Security Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2.0, and 4.2.1. The flaw could allow a remote attacker to obtain sensitive information in cleartext over a sniffable communication channel. The IBM security bulletin lists this as a network-friendly v...

CVSS 7.5 | AI score 4 | EPSS 0.00253

added 2023/12/20 12:56 a.m. | 56 views

CVE-2023-47705

IBM Security Guardium Key Lifecycle Manager 4.3 includes a vulnerability where an authenticated user could manipulate username data due to improper input validation (CVE-2023-47705). The IBM security bulletin (and cross-referenced records) confirms this CVE and notes the issue exists in GKLM and ...

CVSS 4.3 | AI score 4.2 | EPSS 0.00519

added 2023/12/20 12:50 a.m. | 54 views

CVE-2023-47704

CVE-2023-47704 affects IBM Security Guardium Key Lifecycle Manager, version 4.3. The issue is the presence of plain text hard-coded credentials or other secrets in the source code repository, causing potential confidentiality impact. Exploitation details are not provided in the connected document...

CVSS 7.5 | AI score 5.1 | EPSS 0.00609

added 2021/11/12 3:20 p.m. | 53 views

CVE-2021-38985

IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager are affected by CVE-2021-38985 due to hazardous input validation (input not validated or incorrectly validated). Affected versions include TKLM 3.0–3.0.0.4, 3.0.1–3.0.1.5, 4.0–4.0.0.3, 4.1.0–4.1.0.1, and 4.1.1...

CVSS 4.3 | AI score 4.5 | EPSS 0.0061

added 2021/11/15 3:35 p.m. | 51 views

CVE-2021-38974

IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager are affected by CVE-2021-38974. An authenticated user can cause a denial of service by sending specially crafted HTTP requests, due to improper handling of certain requests (network access, low attack complexi...

CVSS 6.5 | AI score 6.2 | EPSS 0.00971

added 2021/11/15 3:35 p.m. | 51 views

CVE-2021-38981

The CVE-2021-38981 issue affects IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager, with external access allowing a remote attacker to obtain sensitive information via a detailed technical error message returned in the browser. Affected versions span TKLM 3.0...

CVSS 5.3 | AI score 4.8 | EPSS 0.01326

added 2021/11/15 3:35 p.m. | 51 views

CVE-2021-38982

Summary: CVE-2021-38982 affects IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager. Affected versions include TKLM 3.0–3.0.0.4, 3.0.1–3.0.1.5, 4.0–4.0.0.3, and 4.1.0–4.1.0.1, with the vulnerability being a Cross-Site Scripting (XSS) in the Web UI that could al...

CVSS 5.4 | AI score 5.2 | EPSS 0.00515

added 2023/12/20 1:11 a.m. | 50 views

CVE-2023-47702

CVE-2023-47702 affects IBM Security Guardium Key Lifecycle Manager. The connected documents specify a path traversal vulnerability where a remote attacker could craft URL requests containing dot-dot sequences (/../) to traverse directories and view/modify files on the system. The issue is tied to...

CVSS 9.1 | AI score 6.3 | EPSS 0.00975

added 2023/12/20 1:45 a.m. | 50 views

CVE-2023-47703

IBM Security Guardium Key Lifecycle Manager 4.3 is affected by CVE-2023-47703, which, per the sources, could allow a remote attacker to obtain sensitive information via a detailed technical browser error message. The issue relates to information disclosure (C/L with low confidentiality impact) an...

CVSS 5.3 | AI score 4.8 | EPSS 0.00757

added 2021/11/12 3:20 p.m. | 49 views

CVE-2021-38972

The CVE-2021-38972 issue affects IBM Security Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager. The root cause is improper or insufficient input validation in TKLM when handling input/data, as described in IBM’s advisory. Affected versions are TKLM/Guardium KLM 3.0 (up...

CVSS 4.3 | AI score 4.5 | EPSS 0.0061

added 2021/11/15 3:35 p.m. | 49 views

CVE-2021-38978

IBM Tivoli Key Lifecycle Manager (TKLM) and related IBM Security Guardium Key Lifecycle Manager versions (3.0–4.1) are affected by CVE-2021-38978 due to failure to properly enable HTTP Strict Transport Security. This allows a remote attacker to potentially obtain sensitive information via MITM. A...

CVSS 5.9 | AI score 5.4 | EPSS 0.00856

added 2021/11/15 3:35 p.m. | 49 views

CVE-2021-38979

CVE-2021-38979 affects IBM Security Key Lifecycle Manager (TKLM) / IBM Security Guardium Key Lifecycle Manager. The root cause is the use of a one-way cryptographic hash on inputs that should not be reversible without also applying a salt, per the description. Affected versions include TKLM 3.0–3...

CVSS 7.5 | AI score 7.2 | EPSS 0.00691

added 2021/11/15 3:35 p.m. | 49 views

CVE-2021-38983

The CVE-2021-38983 issue affects IBM Security Key Lifecycle Manager / Tivoli Key Lifecycle Manager (TKLM) versions 3.0, 3.0.1, 4.0, and 4.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The vulnerability is documented across ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00876

added 2021/11/15 3:35 p.m. | 47 views

CVE-2021-38975

CVE-2021-38975 describes an information-exposure vulnerability in IBM Security Key Lifecycle Manager / Tivoli Key Lifecycle Manager. The IBM Security Guardium Key Lifecycle Manager product line (TKLM) versions 3.0–4.0.x and 4.1.x allow an authenticated user to obtain sensitive information via a s...

CVSS 6.5 | AI score 6 | EPSS 0.00935

added 2021/11/23 7:15 p.m. | 47 views

CVE-2021-38980

CVE-2021-38980 affects IBM Security Guardium Key Lifecycle Manager (TKLM) on containerized platforms, including versions 4.0, 4.1.0, and 4.1.1. The vulnerability is an information disclosure where a detailed technical error message rendered in the browser could allow a remote attacker to obtain s...

CVSS 5.3 | AI score 4.8 | EPSS 0.01192

added 2021/11/15 3:35 p.m. | 45 views

CVE-2021-38977

Summary: CVE-2021-38977 affects IBM Tivoli Key Lifecycle Manager (TKLM) versions 3.0–4.1. The vulnerability arises because authorization tokens and session cookies are not marked with the Secure attribute, enabling an attacker to capture cookie values by persuading a user to visit an http (non-HT...

CVSS 4.3 | AI score 4.1 | EPSS 0.00515

added 2023/12/20 12:59 a.m. | 45 views

CVE-2023-47706

CVE-2023-47706 affects IBM Security Guardium Key Lifecycle Manager (KLM) 4.3. An authenticated user could upload files of a dangerous file type. The connected IBM bulletin lists multiple vulnerabilities in GKLM and notes fixes in GKLM v4.2.0.2; it instructs applying the latest fix packs. The exac...

CVSS 8.8 | AI score 7.2 | EPSS 0.00843

added 2021/11/12 3:20 p.m. | 44 views

CVE-2021-38973

CVE-2021-38973 affects IBM Security Key Lifecycle Manager / IBM Security Guardium Key Lifecycle Manager. The vulnerability stems from hazardous input validation where the software accepts input without properly verifying required properties. Affected versions include TKLM/Guardium TKLM 3.0 (up to...

CVSS 4 | AI score 3.8 | EPSS 0.00574

added 2023/12/20 1:48 a.m. | 44 views

CVE-2023-47707

CVE-2023-47707 affects IBM Security Guardium Key Lifecycle Manager (GKLM) 4.3. It is a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. The primary affected product i...

CVSS 5.4 | AI score 5.1 | EPSS 0.00441

added 2021/11/15 3:35 p.m. | 42 views

CVE-2021-38984

CVE-2021-38984 affects IBM Security Key Lifecycle Manager / IBM Security Guardium Key Lifecycle Manager (TKLM) with weaker-than-expected encryption allowing decryption of sensitive data. Affected: TKLM 3.0 (3.0.0.4 and 3.0.1.x up to 3.0.1.5), TKLM 4.0 (up to 4.0.0.3), GKLM 4.1 (4.1.0–4.1.0.1 and ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00613

added 2021/11/15 3:35 p.m. | 38 views

CVE-2021-38976

IBM Tivoli Key Lifecycle Manager stores user credentials in plaintext, enabling local access to read them. Affected: TKLM 3.0–4.0 (including 3.0.x, 3.0.1, 4.0) and Guardium Key Lifecycle Manager 4.1.0–4.1.1. The issue stems from cleartext storage of credentials. Remediation: upgrade to 4.1.1 - Fi...

CVSS 6.2 | AI score 5.1 | EPSS 0.0023