Security Guardium Key Lifecycle Manager@4.2.1 Security Vulnerabilities and Issues — Security Guardium Key Lifecycle Manager@4.2.1 CVE List

Lucene search

IbmSecurity Guardium Key Lifecycle Manager4.2.1

5 matches found

CVE•added 2024/12/17 6:15 p.m.•126 views

CVE-2024-49820

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in ...

3.7CVSS3.9AI score0.00023EPSS

CVE•added 2024/12/17 6:15 p.m.•122 views

CVE-2024-49818

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

4.3CVSS4.3AI score0.00043EPSS

CVE•added 2024/12/17 6:15 p.m.•82 views

CVE-2024-49817

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

4.4CVSS4.5AI score0.00015EPSS

CVE•added 2024/12/17 6:15 p.m.•80 views

CVE-2024-49816

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

4.9CVSS4.7AI score0.00035EPSS

CVE•added 2024/12/17 6:15 p.m.•80 views

CVE-2024-49819

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

7.5CVSS4AI score0.00018EPSS