IBM Security Guardium Key Lifecycle Manager
15 CVEs affecting IBM Security Guardium Key Lifecycle Manager. Latest disclosed: 2024-12-17. Critical: 0, High: 2.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-25921 | High | 8.5 | 2024-02-29 | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be aut… |
| CVE-2023-25925 | High | 8.5 | 2024-02-28 | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the sy… |
| CVE-2023-47706 | Medium | 6.6 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. |
| CVE-2023-25926 | Medium | 5.5 | 2024-02-29 | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML… |
| CVE-2023-47707 | Medium | 5.4 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th… |
| CVE-2023-47703 | Medium | 5.3 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is return… |
| CVE-2024-49816 | Medium | 4.9 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local pr… |
| CVE-2024-49817 | Medium | 4.4 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged… |
| CVE-2024-49818 | Medium | 4.3 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed techni… |
| CVE-2023-25922 | Medium | 4.3 | 2024-02-28 | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be auto… |
| CVE-2023-47702 | Medium | 4.3 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted… |
| CVE-2023-47705 | Medium | 4.3 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID… |
| CVE-2024-49819 | Medium | 4.1 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a commun… |
| CVE-2023-47704 | Medium | 4.0 | 2023-12-20 | IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. |
| CVE-2024-49820 | Low | 3.7 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure t… |