4.8
CVE-2026-1726
- EPSS 0.19%
- Veröffentlicht 22.04.2026 23:42:05
- Zuletzt bearbeitet 11.06.2026 14:16:26
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Guardium Key Lifecycle Manager Version4.1.0
Ibm ≫ Guardium Key Lifecycle Manager Version4.1.1
Ibm ≫ Guardium Key Lifecycle Manager Version4.2.0
Ibm ≫ Guardium Key Lifecycle Manager Version4.2.1
Ibm ≫ Guardium Key Lifecycle Manager Version5.0.0
Ibm ≫ Guardium Key Lifecycle Manager Version5.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.091 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | 2.2 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://www.ibm.com/support/pages/node/7268697