cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49336,https://securityvulnerability.io/vulnerability/CVE-2024-49336,Server-Side Request Forgery Vulnerability in IBM Security Guardium,"The vulnerability in IBM Security Guardium 11.5 is categorized as a server-side request forgery (SSRF), allowing an authenticated attacker to manipulate requests sent from the system to external services. This vulnerability can lead to unauthorized access, network enumeration, and potentially enable the attacker to engineer other types of attacks leveraging the compromised request context. Organizations utilizing this version should be aware of the potential implications on their network security and take immediate action to mitigate the associated risks.",IBM,Security Guardium,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-19T18:15:00.000Z,0
CVE-2024-49817,https://securityvulnerability.io/vulnerability/CVE-2024-49817,Local Privilege Escalation in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49817 is a significant local privilege escalation vulnerability found in IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. This flaw arises from the application's insecure handling of user credentials, which are stored in configuration files. These files can be accessed by local privileged users, potentially allowing them to exploit the vulnerability to gain unauthorized access to sensitive information. It is crucial for organizations utilizing these versions to implement recommendations from IBM's support resources to mitigate the risks associated with this vulnerability.",IBM,Security Guardium Key Lifecycle Manager,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49818,https://securityvulnerability.io/vulnerability/CVE-2024-49818,Sensitive Information Exposure in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49818 is a high-risk vulnerability affecting specific versions of the IBM Security Guardium Key Lifecycle Manager. It may allow remote attackers to glean sensitive information from detailed technical error messages displayed in web browsers. This exposure could facilitate further attacks on the system, making it imperative for organizations utilizing this software to apply the recommended security updates and monitor their systems for unusual activity.",IBM,Security Guardium Key Lifecycle Manager,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49820,https://securityvulnerability.io/vulnerability/CVE-2024-49820,Remote Information Disclosure Vulnerability in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49820 is a critical vulnerability affecting specific versions of IBM Security Guardium Key Lifecycle Manager. This issue arises from the improper enforcement of HTTP Strict Transport Security (HSTS), which could allow remote attackers to exploit the system using man-in-the-middle techniques. Such an exploit could lead to the unauthorized disclosure of sensitive information, putting organizations at risk. It is vital for users of affected versions (4.1, 4.1.1, 4.2.0, 4.2.1) to apply patches and strengthen their security configurations to mitigate this risk.",IBM,Security Guardium Key Lifecycle Manager,3.7,LOW,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49819,https://securityvulnerability.io/vulnerability/CVE-2024-49819,Sensitive Data Exposure in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49819 is a critical vulnerability found in specific versions of IBM Security Guardium Key Lifecycle Manager, namely 4.1, 4.1.1, 4.2.0, and 4.2.1. This vulnerability allows a remote attacker to intercept and retrieve sensitive information transmitted in cleartext over insecure communication channels. Unauthorized access to such data poses significant risks, including data breaches and unauthorized disclosure of sensitive corporate information. It is crucial for users of the affected products to apply necessary patches and security measures to mitigate potential threats. For detailed guidance, refer to IBM's support page.",IBM,Security Guardium Key Lifecycle Manager,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49816,https://securityvulnerability.io/vulnerability/CVE-2024-49816,Local Privilege Escalation Risk in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49816 identifies a significant local privilege escalation vulnerability affecting IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. The risk arises from the application storing potentially sensitive information within log files that can be accessed by local privileged users. This improper handling of sensitive data could facilitate unauthorized access, leading to possible data breaches and exploitation of critical systems. Organizations using the affected versions are advised to evaluate and mitigate risks by securing log files and applying necessary updates to safeguard their environment.",IBM,Security Guardium Key Lifecycle Manager,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2023-47710,https://securityvulnerability.io/vulnerability/CVE-2023-47710,IBM Security Guardium Vulnerable to Cross-Site Scripting,"IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525.",IBM,Security Guardium,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-24T12:01:02.658Z,0
CVE-2023-47717,https://securityvulnerability.io/vulnerability/CVE-2023-47717,Unauthorized Actions Could Lead to Denial of Service,IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.,IBM,Security Guardium,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-16T17:22:21.688Z,0
CVE-2023-47712,https://securityvulnerability.io/vulnerability/CVE-2023-47712,IBM Security Guardium Vulnerabilities Could Lead to Elevated Privileges,"A vulnerability exists in IBM Security Guardium versions 11.3, 11.4, 11.5, and 12.0 that can be exploited by local users to elevate their privileges on the system. The issue stems from inadequate permissions control that does not properly restrict user access levels. This oversight may lead to unauthorized actions and access to sensitive data, potentially compromising system integrity. Organizations using these versions should take immediate action to assess their exposure and implement recommended security patches.",IBM,Security Guardium,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T13:56:00.000Z,0
CVE-2023-47711,https://securityvulnerability.io/vulnerability/CVE-2023-47711,Possible Denial of Service Vulnerability in IBM Security Guardium,"IBM Security Guardium versions 11.3, 11.4, 11.5, and 12.0 contain a vulnerability that allows authenticated users the ability to upload files. This action can lead to a state of denial of service, impacting the availability and performance of the affected systems. Security measures should be reviewed to mitigate potential risks associated with this vulnerability, as noted by IBM X-Force ID: 271526.",IBM,Security Guardium,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-14T13:56:00.000Z,0
CVE-2023-47709,https://securityvulnerability.io/vulnerability/CVE-2023-47709,Arbitrary Command Execution Vulnerability in IBM Security Guardium,"The vulnerability in IBM Security Guardium affects versions 11.3, 11.4, 11.5, and 12.0, enabling a remote authenticated attacker to execute arbitrary commands on the system. This occurs through specially crafted requests sent to the vulnerable product, which may result in unauthorized actions and potential compromise of sensitive data within the environment.",IBM,Security Guardium,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-05-14T13:56:00.000Z,0
CVE-2023-25921,https://securityvulnerability.io/vulnerability/CVE-2023-25921,Key Lifecycle Manager Vulnerability Allows File Upload Attacks,"The vulnerability in IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows an attacker to upload or transfer files of dangerous types. These malicious files can be automatically processed within the product's environment, potentially leading to unauthorized access or compromise of sensitive data. This highlights the importance of implementing robust security measures to mitigate risks associated with file uploads in data management solutions.",IBM,Security Guardium Key Lifecycle Manager,8.8,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-29T00:36:01.872Z,0
CVE-2023-25926,https://securityvulnerability.io/vulnerability/CVE-2023-25926,IBM Security Guardium Key Lifecycle Manager Vulnerable to XML External Entity Injection Attack,"IBM Security Guardium Key Lifecycle Manager is susceptible to an XML External Entity Injection vulnerability that occurs during the processing of XML data. This vulnerability allows a remote attacker to manipulate XML content in such a way that it can result in the exposure of sensitive information or excessive consumption of memory resources. Such exploitation could lead to further attacks or unauthorized access, impacting the confidentiality and integrity of the system's data.",IBM,Security Guardium Key Lifecycle Manager,8.2,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2024-02-29T00:27:14.988Z,0
CVE-2023-25925,https://securityvulnerability.io/vulnerability/CVE-2023-25925,Arbitrary Command Execution Vulnerability in IBM Security Guardium Key Lifecycle Manager,"A security vulnerability exists in IBM Security Guardium Key Lifecycle Manager that allows a remote authenticated attacker to execute arbitrary commands on the system. This occurs through the submission of specially crafted requests, potentially compromising the integrity and security of the affected systems. It's essential for users of the Key Lifecycle Manager to review and apply mitigations to minimize risks associated with this vulnerability.",IBM,Security Guardium Key Lifecycle Manager,8.8,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2024-02-28T21:53:27.276Z,0
CVE-2023-25922,https://securityvulnerability.io/vulnerability/CVE-2023-25922,Key Lifecycle Manager Vulnerability Allows File Upload Attacks,"IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 contain a vulnerability that permits attackers to upload or transfer files of potentially harmful types. These files can be processed automatically within the product's operating environment, which raises serious concerns about data integrity and security within organizations using this product. The exposure allows for the possible manipulation or misuse of sensitive information, emphasizing the need for immediate remediation to protect against unauthorized file processing.",IBM,Security Guardium Key Lifecycle Manager,8.8,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-28T21:44:51.466Z,0
CVE-2023-47705,https://securityvulnerability.io/vulnerability/CVE-2023-47705,IBM Security Guardium Key Lifecycle Manager improper input validation,IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228.,IBM,Security Guardium Key Lifecycle Manager,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-12-20T02:15:00.000Z,0
CVE-2023-47702,https://securityvulnerability.io/vulnerability/CVE-2023-47702,IBM Security Guardium Key Lifecycle Manager directory traversal,"IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing ""dot dot"" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.",IBM,Security Guardium Key Lifecycle Manager,4.3,MEDIUM,0.0013000000035390258,false,,false,false,false,,,false,false,,2023-12-20T02:15:00.000Z,0
CVE-2023-47703,https://securityvulnerability.io/vulnerability/CVE-2023-47703,IBM Security Guardium Key Lifecycle Manager information disclosure,IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197.,IBM,Security Guardium Key Lifecycle Manager,5.3,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2023-12-20T02:15:00.000Z,0
CVE-2023-47707,https://securityvulnerability.io/vulnerability/CVE-2023-47707,IBM Security Guardium Key Lifecycle Manager cross-site scripting,IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522.,IBM,Security Guardium Key Lifecycle Manager,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-12-20T02:15:00.000Z,0
CVE-2023-47704,https://securityvulnerability.io/vulnerability/CVE-2023-47704,IBM Security Guardium Key Lifecycle Manager information disclosure,IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.,IBM,Security Guardium Key Lifecycle Manager,4,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-12-20T01:15:00.000Z,0
CVE-2023-47706,https://securityvulnerability.io/vulnerability/CVE-2023-47706,IBM Security Guardium Key Lifecycle Manager file upload,IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.,IBM,Security Guardium Key Lifecycle Manager,6.6,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2023-12-20T01:15:00.000Z,0
CVE-2023-42004,https://securityvulnerability.io/vulnerability/CVE-2023-42004,IBM Security Guardium CSV injection,"IBM Security Guardium versions 11.3, 11.4, and 11.5 are susceptible to a CSV injection vulnerability that allows a remote attacker to execute arbitrary commands. This risk arises from the inadequate validation of content within CSV files, potentially leading to unauthorized command execution. Organizations using these versions of IBM Security Guardium should take immediate action to mitigate the risk associated with this vulnerability.",IBM,Security Guardium,8,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-11-28T11:15:00.000Z,0
CVE-2022-43906,https://securityvulnerability.io/vulnerability/CVE-2022-43906,IBM Security Guardium information disclosure,IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897.,IBM,Security Guardium,3.1,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-10-04T13:50:52.970Z,0
CVE-2022-43903,https://securityvulnerability.io/vulnerability/CVE-2022-43903,IBM Security Guardium denial of service,"IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240894.",IBM,Security Guardium,4.3,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-09-05T00:15:00.000Z,0
CVE-2022-43904,https://securityvulnerability.io/vulnerability/CVE-2022-43904,IBM Security Guardium information disclosure,"IBM Security Guardium versions 11.3 and 11.4 are susceptible to a vulnerability that may allow unauthorized access to sensitive information. This issue arises from improper handling of excessive authentication attempts, potentially enabling attackers to gain access to confidential data. Organizations using these affected versions should assess their security posture and apply necessary mitigations as outlined in vendor advisories.",IBM,Security Guardium,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-08-28T00:15:00.000Z,0