Security Guardium Key Lifecycle Manager@4.1 Security Vulnerabilities and Issues — Security Guardium Key Lifecycle Manager@4.1 CVE List

Lucene search

IbmSecurity Guardium Key Lifecycle Manager4.1

9 matches found

CVE•added 2024/12/17 6:15 p.m.•126 views

CVE-2024-49820

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in ...

3.7CVSS3.9AI score0.00023EPSS

CVE•added 2024/12/17 6:15 p.m.•122 views

CVE-2024-49818

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

4.3CVSS4.3AI score0.00043EPSS

CVE•added 2024/02/28 10:15 p.m.•116 views

CVE-2023-25925

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.

8.8CVSS8.3AI score0.00148EPSS

CVE•added 2024/02/28 10:15 p.m.•101 views

CVE-2023-25922

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621.

8.8CVSS4.4AI score0.00052EPSS

CVE•added 2024/02/29 1:38 a.m.•95 views

CVE-2023-25921

8.8CVSS7.9AI score0.00067EPSS

CVE•added 2024/02/29 1:38 a.m.•93 views

CVE-2023-25926

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599...

8.2CVSS5.5AI score0.00036EPSS

CVE•added 2024/12/17 6:15 p.m.•82 views

CVE-2024-49817

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

4.4CVSS4.5AI score0.00015EPSS

CVE•added 2024/12/17 6:15 p.m.•80 views

CVE-2024-49816

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

4.9CVSS4.7AI score0.00035EPSS

CVE•added 2024/12/17 6:15 p.m.•80 views

CVE-2024-49819

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

7.5CVSS4AI score0.00018EPSS