CVE-2024-49820
IBM Security Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2.0, and 4.2.1 are affected by an information-disclosure vulnerability caused by not properly enabling HTTP Strict Transport Security. An attacker could obtain sensitive data via man-in-the-middle attacks. The IBM security ...
CVE-2024-49818
IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1 are affected by CVE-2024-49818, which could allow a remote attacker to obtain sensitive information via a browser-embedded detailed error message (information disclosure). The IBM security bulletin lists remediation...
CVE-2023-25925
CVE-2023-25925 affects IBM Security Guardium Key Lifecycle Manager (GKLM) across multiple releases (3.0, 3.0.1, 4.0, 4.1, 4.1.1). A remote authenticated attacker can execute arbitrary commands on the system by sending a specially crafted request, as documented by IBM and Red Hat in their vendor a...
CVE-2023-25922
Summary of CVE-2023-25922 (IBM Security Guardium Key Lifecycle Manager): This vulnerability affects GKLM versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, where an attacker can upload or transfer files of dangerous types that can be automatically processed within the product’s environment. The IBM bullet...
CVE-2023-25921
CVE-2023-25921 affects IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, allowing an attacker to upload or transfer dangerous file types that can be automatically processed within the product environment. The Red Hat / IBM bulletin confirms remediation in GKLM ...
CVE-2023-25926
CVE-2023-25926 affects IBM Security Guardium Key Lifecycle Manager (GKLM) 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, with an XML External Entity Injection (XXE) vulnerability when processing XML data. The root cause is XXE in the XML processing path, enabling a remote attacker to potentially expose sensiti...
CVE-2024-49816
CVE-2024-49816 affects IBM Security Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2.0, and 4.2.1. The issue is a log information disclosure: potentially sensitive data is stored in log files and could be read by a local privileged user due to how logging is handled. Impact is confi...
CVE-2024-49817
The CVE-2024-49817 issue in IBM Security Guardium Key Lifecycle Manager (GKLM) affects versions 4.1, 4.1.1, 4.2, and 4.2.1, where user credentials are stored in configuration files that can be read by a local privileged user (CWE-260). The IBM Security bulletin describes this as a local informati...
CVE-2024-49819
CVE-2024-49819 affects IBM Security Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2.0, and 4.2.1. The flaw could allow a remote attacker to obtain sensitive information in cleartext over a sniffable communication channel. The IBM security bulletin lists this as a network-friendly v...
CVE-2023-47705
IBM Security Guardium Key Lifecycle Manager 4.3 includes a vulnerability where an authenticated user could manipulate username data due to improper input validation (CVE-2023-47705). The IBM security bulletin (and cross-referenced records) confirms this CVE and notes the issue exists in GKLM and ...
CVE-2023-47704
CVE-2023-47704 affects IBM Security Guardium Key Lifecycle Manager, version 4.3. The issue is the presence of plain text hard-coded credentials or other secrets in the source code repository, causing potential confidentiality impact. Exploitation details are not provided in the connected document...
CVE-2021-38985
IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager are affected by CVE-2021-38985 due to improper input validation (input not validated or incorrectly validated). Affected versions include TKLM 3.0–3.0.0.4, 3.0.1–3.0.1.5, 4.0–4.0.0.3, 4.1.0–4.1.0.1, and 4.1.1...
CVE-2021-38974
IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager are affected by CVE-2021-38974. An authenticated user can cause a denial of service by sending specially crafted HTTP requests, due to improper handling of certain requests (network access, low attack complexi...
CVE-2021-38981
CVE-2021-38981 affects IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager and could allow a remote attacker to obtain sensitive information via a detailed technical error message returned in the browser. Affected versions span TKLM 3.0...
CVE-2021-38982
Summary: CVE-2021-38982 affects IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager. Affected versions include TKLM 3.0–3.0.0.4, 3.0.1–3.0.1.5, 4.0–4.0.0.3, and 4.1.0–4.1.0.1, with the vulnerability being a Cross-Site Scripting (XSS) in the Web UI that could al...
CVE-2023-47702
CVE-2023-47702 affects IBM Security Guardium Key Lifecycle Manager. The connected documents specify a path traversal vulnerability where a remote attacker could craft URL requests containing dot-dot sequences (/../) to traverse directories and view/modify files on the system. The issue is tied to...
CVE-2023-47703
IBM Security Guardium Key Lifecycle Manager 4.3 is affected by CVE-2023-47703, which, per the sources, could allow a remote attacker to obtain sensitive information via a detailed technical browser error message. The issue relates to information disclosure (CVSS C:L, low confidentiality impact) an...
CVE-2021-38972
The CVE-2021-38972 issue affects IBM Security Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager. The root cause is improper or insufficient input validation in TKLM when handling input/data, as described in IBM’s advisory. Affected versions are TKLM/Guardium KLM 3.0 (up...
CVE-2021-38978
IBM Tivoli Key Lifecycle Manager (TKLM) and related IBM Security Guardium Key Lifecycle Manager versions (3.0–4.1) are affected by CVE-2021-38978 due to failure to properly enable HTTP Strict Transport Security. This allows a remote attacker to potentially obtain sensitive information via MITM. A...
CVE-2021-38979
CVE-2021-38979 affects IBM Security Key Lifecycle Manager (TKLM) / IBM Security Guardium Key Lifecycle Manager. The root cause, per the description, is that a one-way cryptographic hash is applied to inputs that should not be reversible without also using a salt. Affected versions include TKLM 3.0–3...
CVE-2021-38983
The CVE-2021-38983 issue affects IBM Security Key Lifecycle Manager / Tivoli Key Lifecycle Manager (TKLM) versions 3.0, 3.0.1, 4.0, and 4.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The vulnerability is documented across ...
CVE-2021-38975
CVE-2021-38975 describes an information-exposure vulnerability in IBM Security Key Lifecycle Manager / Tivoli Key Lifecycle Manager. The IBM Security Guardium Key Lifecycle Manager product line (TKLM) versions 3.0–4.0.x and 4.1.x allow an authenticated user to obtain sensitive information via a s...
CVE-2021-38980
CVE-2021-38980 affects IBM Security Guardium Key Lifecycle Manager (TKLM) on containerized platforms, including versions 4.0, 4.1.0, and 4.1.1. The vulnerability is an information disclosure where a detailed technical error message rendered in the browser could allow a remote attacker to obtain s...
CVE-2021-38977
Summary: CVE-2021-38977 affects IBM Tivoli Key Lifecycle Manager (TKLM) versions 3.0–4.1. The vulnerability arises because authorization tokens and session cookies are not marked with the Secure attribute, enabling an attacker to capture cookie values by persuading a user to visit an http (non-HT...
CVE-2023-47706
CVE-2023-47706 affects IBM Security Guardium Key Lifecycle Manager (KLM) 4.3. An authenticated user could upload files of a dangerous file type. The connected IBM bulletin lists multiple vulnerabilities in GKLM and notes fixes in GKLM v4.2.0.2; it instructs applying the latest fix packs. The exac...
CVE-2021-38973
CVE-2021-38973 affects IBM Security Key Lifecycle Manager / IBM Security Guardium Key Lifecycle Manager. The vulnerability stems from improper input validation: the software accepts input without properly verifying that it has the required properties. Affected versions include TKLM/Guardium TKLM 3.0 (up to...
CVE-2023-47707
CVE-2023-47707 affects IBM Security Guardium Key Lifecycle Manager (GKLM) 4.3. It is a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. The primary affected product i...
CVE-2021-38984
CVE-2021-38984 affects IBM Security Key Lifecycle Manager / IBM Security Guardium Key Lifecycle Manager (TKLM) with weaker-than-expected encryption allowing decryption of sensitive data. Affected: TKLM 3.0 (3.0.0.4 and 3.0.1.x up to 3.0.1.5), TKLM 4.0 (up to 4.0.0.3), GKLM 4.1 (4.1.0–4.1.0.1 and ...
CVE-2021-38976
IBM Tivoli Key Lifecycle Manager stores user credentials in plaintext, which a user with local access could read. Affected: TKLM 3.0–4.0 (including 3.0.x, 3.0.1, 4.0) and Guardium Key Lifecycle Manager 4.1.0–4.1.1. The issue stems from cleartext storage of credentials. Remediation: upgrade to 4.1.1 - Fi...