Ibm

Security Guardium Key Lifecycle Manager

29 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.7

CVE-2024-49820

  • EPSS 0.03%
  • Published 17.12.2024 18:15:24
  • Last modified 10.01.2025 17:42:53

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerabil...

7.5

CVE-2024-49819

  • EPSS 0.02%
  • Published 17.12.2024 18:15:24
  • Last modified 10.01.2025 17:52:26

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

4.3

CVE-2024-49818

  • EPSS 0.06%
  • Published 17.12.2024 18:15:24
  • Last modified 07.01.2025 17:20:08

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further att...

4.4

CVE-2024-49817

  • EPSS 0.02%
  • Published 17.12.2024 18:15:23
  • Last modified 07.01.2025 17:23:31

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

4.4

CVE-2024-49816

  • EPSS 0.06%
  • Published 17.12.2024 18:15:23
  • Last modified 07.01.2025 17:25:58

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

8.2

CVE-2023-25926

  • EPSS 0.04%
  • Published 29.02.2024 01:38:24
  • Last modified 13.12.2024 20:45:41

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or...

8.8

CVE-2023-25921

  • EPSS 0.07%
  • Published 29.02.2024 01:38:24
  • Last modified 13.12.2024 20:53:05

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.

8.8

CVE-2023-25925

  • EPSS 0.15%
  • Published 28.02.2024 22:15:25
  • Last modified 13.12.2024 20:55:13

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.

8.8

CVE-2023-25922

  • EPSS 0.05%
  • Published 28.02.2024 22:15:25
  • Last modified 13.12.2024 20:59:47

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621.

5.4

CVE-2023-47707

  • EPSS 0.06%
  • Published 20.12.2023 02:15:44
  • Last modified 21.11.2024 08:30:42

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...