Ibm

Security Guardium Key Lifecycle Manager

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.7

CVE-2024-49820

  • EPSS 0.03%
  • Veröffentlicht 17.12.2024 18:15:24
  • Zuletzt bearbeitet 10.01.2025 17:42:53

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabil...

7.5

CVE-2024-49819

  • EPSS 0.02%
  • Veröffentlicht 17.12.2024 18:15:24
  • Zuletzt bearbeitet 10.01.2025 17:52:26

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

4.3

CVE-2024-49818

  • EPSS 0.06%
  • Veröffentlicht 17.12.2024 18:15:24
  • Zuletzt bearbeitet 07.01.2025 17:20:08

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further att...

4.4

CVE-2024-49817

  • EPSS 0.02%
  • Veröffentlicht 17.12.2024 18:15:23
  • Zuletzt bearbeitet 07.01.2025 17:23:31

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

4.4

CVE-2024-49816

  • EPSS 0.06%
  • Veröffentlicht 17.12.2024 18:15:23
  • Zuletzt bearbeitet 07.01.2025 17:25:58

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

8.2

CVE-2023-25926

  • EPSS 0.04%
  • Veröffentlicht 29.02.2024 01:38:24
  • Zuletzt bearbeitet 13.12.2024 20:45:41

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or...

8.8

CVE-2023-25921

  • EPSS 0.07%
  • Veröffentlicht 29.02.2024 01:38:24
  • Zuletzt bearbeitet 13.12.2024 20:53:05

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.

8.8

CVE-2023-25925

  • EPSS 0.15%
  • Veröffentlicht 28.02.2024 22:15:25
  • Zuletzt bearbeitet 13.12.2024 20:55:13

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.

8.8

CVE-2023-25922

  • EPSS 0.05%
  • Veröffentlicht 28.02.2024 22:15:25
  • Zuletzt bearbeitet 13.12.2024 20:59:47

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621.

5.4

CVE-2023-47707

  • EPSS 0.06%
  • Veröffentlicht 20.12.2023 02:15:44
  • Zuletzt bearbeitet 21.11.2024 08:30:42

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...