cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49816,https://securityvulnerability.io/vulnerability/CVE-2024-49816,Local Privilege Escalation Risk in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49816 identifies a significant local privilege escalation vulnerability affecting IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. The risk arises from the application storing potentially sensitive information within log files that can be accessed by local privileged users. This improper handling of sensitive data could facilitate unauthorized access, leading to possible data breaches and exploitation of critical systems. Organizations using the affected versions are advised to evaluate and mitigate risks by securing log files and applying necessary updates to safeguard their environment.",IBM,Security Guardium Key Lifecycle Manager,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49819,https://securityvulnerability.io/vulnerability/CVE-2024-49819,Sensitive Data Exposure in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49819 is a critical vulnerability found in specific versions of IBM Security Guardium Key Lifecycle Manager, namely 4.1, 4.1.1, 4.2.0, and 4.2.1. This vulnerability allows a remote attacker to intercept and retrieve sensitive information transmitted in cleartext over insecure communication channels. Unauthorized access to such data poses significant risks, including data breaches and unauthorized disclosure of sensitive corporate information. It is crucial for users of the affected products to apply necessary patches and security measures to mitigate potential threats. For detailed guidance, refer to IBM's support page.",IBM,Security Guardium Key Lifecycle Manager,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49818,https://securityvulnerability.io/vulnerability/CVE-2024-49818,Sensitive Information Exposure in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49818 is a high-risk vulnerability affecting specific versions of the IBM Security Guardium Key Lifecycle Manager. It may allow remote attackers to glean sensitive information from detailed technical error messages displayed in web browsers. This exposure could facilitate further attacks on the system, making it imperative for organizations utilizing this software to apply the recommended security updates and monitor their systems for unusual activity.",IBM,Security Guardium Key Lifecycle Manager,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49820,https://securityvulnerability.io/vulnerability/CVE-2024-49820,Remote Information Disclosure Vulnerability in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49820 is a critical vulnerability affecting specific versions of IBM Security Guardium Key Lifecycle Manager. This issue arises from the improper enforcement of HTTP Strict Transport Security (HSTS), which could allow remote attackers to exploit the system using man-in-the-middle techniques. Such an exploit could lead to the unauthorized disclosure of sensitive information, putting organizations at risk. It is vital for users of affected versions (4.1, 4.1.1, 4.2.0, 4.2.1) to apply patches and strengthen their security configurations to mitigate this risk.",IBM,Security Guardium Key Lifecycle Manager,3.7,LOW,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-49817,https://securityvulnerability.io/vulnerability/CVE-2024-49817,Local Privilege Escalation in IBM Security Guardium Key Lifecycle Manager,"CVE-2024-49817 is a significant local privilege escalation vulnerability found in IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. This flaw arises from the application's insecure handling of user credentials, which are stored in configuration files. These files can be accessed by local privileged users, potentially allowing them to exploit the vulnerability to gain unauthorized access to sensitive information. It is crucial for organizations utilizing these versions to implement recommendations from IBM's support resources to mitigate the risks associated with this vulnerability.",IBM,Security Guardium Key Lifecycle Manager,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2023-25921,https://securityvulnerability.io/vulnerability/CVE-2023-25921,Key Lifecycle Manager Vulnerability Allows File Upload Attacks,"The vulnerability in IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows an attacker to upload or transfer files of dangerous types. These malicious files can be automatically processed within the product's environment, potentially leading to unauthorized access or compromise of sensitive data. This highlights the importance of implementing robust security measures to mitigate risks associated with file uploads in data management solutions.",IBM,Security Guardium Key Lifecycle Manager,8.8,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-29T00:36:01.872Z,0
CVE-2023-25926,https://securityvulnerability.io/vulnerability/CVE-2023-25926,IBM Security Guardium Key Lifecycle Manager Vulnerable to XML External Entity Injection Attack,"IBM Security Guardium Key Lifecycle Manager is susceptible to an XML External Entity Injection vulnerability that occurs during the processing of XML data. This vulnerability allows a remote attacker to manipulate XML content in such a way that it can result in the exposure of sensitive information or excessive consumption of memory resources. Such exploitation could lead to further attacks or unauthorized access, impacting the confidentiality and integrity of the system's data.",IBM,Security Guardium Key Lifecycle Manager,8.2,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2024-02-29T00:27:14.988Z,0
CVE-2023-25925,https://securityvulnerability.io/vulnerability/CVE-2023-25925,Arbitrary Command Execution Vulnerability in IBM Security Guardium Key Lifecycle Manager,"A security vulnerability exists in IBM Security Guardium Key Lifecycle Manager that allows a remote authenticated attacker to execute arbitrary commands on the system. This occurs through the submission of specially crafted requests, potentially compromising the integrity and security of the affected systems. It's essential for users of the Key Lifecycle Manager to review and apply mitigations to minimize risks associated with this vulnerability.",IBM,Security Guardium Key Lifecycle Manager,8.8,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2024-02-28T21:53:27.276Z,0
CVE-2023-25922,https://securityvulnerability.io/vulnerability/CVE-2023-25922,Key Lifecycle Manager Vulnerability Allows File Upload Attacks,"IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 contain a vulnerability that permits attackers to upload or transfer files of potentially harmful types. These files can be processed automatically within the product's operating environment, which raises serious concerns about data integrity and security within organizations using this product. The exposure allows for the possible manipulation or misuse of sensitive information, emphasizing the need for immediate remediation to protect against unauthorized file processing.",IBM,Security Guardium Key Lifecycle Manager,8.8,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-28T21:44:51.466Z,0
CVE-2023-47707,https://securityvulnerability.io/vulnerability/CVE-2023-47707,IBM Security Guardium Key Lifecycle Manager cross-site scripting,"IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522.",IBM,Security Guardium Key Lifecycle Manager,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-12-20T02:15:00.000Z,0
CVE-2023-47703,https://securityvulnerability.io/vulnerability/CVE-2023-47703,IBM Security Guardium Key Lifecycle Manager information disclosure,"IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197.",IBM,Security Guardium Key Lifecycle Manager,5.3,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2023-12-20T02:15:00.000Z,0
CVE-2023-47705,https://securityvulnerability.io/vulnerability/CVE-2023-47705,IBM Security Guardium Key Lifecycle Manager improper input validation,"IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228.",IBM,Security Guardium Key Lifecycle Manager,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-12-20T02:15:00.000Z,0
CVE-2023-47702,https://securityvulnerability.io/vulnerability/CVE-2023-47702,IBM Security Guardium Key Lifecycle Manager directory traversal,"IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing ""dot dot"" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.",IBM,Security Guardium Key Lifecycle Manager,4.3,MEDIUM,0.0013000000035390258,false,,false,false,false,,,false,false,,2023-12-20T02:15:00.000Z,0
CVE-2023-47704,https://securityvulnerability.io/vulnerability/CVE-2023-47704,IBM Security Guardium Key Lifecycle Manager information disclosure,"IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.",IBM,Security Guardium Key Lifecycle Manager,4,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-12-20T01:15:00.000Z,0
CVE-2023-47706,https://securityvulnerability.io/vulnerability/CVE-2023-47706,IBM Security Guardium Key Lifecycle Manager file upload,"IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.",IBM,Security Guardium Key Lifecycle Manager,6.6,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2023-12-20T01:15:00.000Z,0
CVE-2023-25688,https://securityvulnerability.io/vulnerability/CVE-2023-25688,IBM Security Key Lifecycle Manager information disclosure,"IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606.",IBM,Security Key Lifecycle Manager,5.3,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2023-03-22T06:15:00.000Z,0
CVE-2023-25924,https://securityvulnerability.io/vulnerability/CVE-2023-25924,IBM Security Key Lifecycle Manager improper authorization,"IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 are susceptible to improper authorization vulnerabilities, allowing authenticated users to execute unauthorized actions. This loophole can potentially lead to unauthorized access and manipulation of sensitive data, posing a genuine risk to the security posture of organizations utilizing these versions. It is crucial for users of IBM Security Guardium Key Lifecycle Manager to assess their exposure and apply necessary mitigations.",IBM,Security Key Lifecycle Manager,8.8,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-03-22T06:15:00.000Z,0
CVE-2023-25684,https://securityvulnerability.io/vulnerability/CVE-2023-25684,IBM Security Key Lifecycle Manager SQL injection,"IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 are affected by a SQL injection vulnerability that allows remote attackers to exploit the system. Attackers can send specially crafted SQL statements that may result in unauthorized access to the backend database, enabling them to view, add, modify, or delete sensitive information. Protecting against this vulnerability is essential to safeguard data integrity and maintain a secure operational environment.",IBM,Security Key Lifecycle Manager,9.8,CRITICAL,0.001120000029914081,false,,false,false,false,,,false,false,,2023-03-21T17:15:00.000Z,0
CVE-2023-25923,https://securityvulnerability.io/vulnerability/CVE-2023-25923,IBM Security Key Lifecycle Manager denial of service,"The IBM Security Guardium Key Lifecycle Manager is susceptible to a file upload vulnerability that arises from improper authorization checks. An attacker could exploit this vulnerability to upload malicious files, potentially leading to denial of service attacks. This weakness affects versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, making it critical for users of these versions to secure their systems against this threat.",IBM,Security Key Lifecycle Manager,7.5,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-03-21T16:15:00.000Z,0
CVE-2023-25686,https://securityvulnerability.io/vulnerability/CVE-2023-25686,IBM Security Key Lifecycle Manager information disclosure,"IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601.",IBM,Security Key Lifecycle Manager,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-03-21T16:15:00.000Z,0
CVE-2023-25687,https://securityvulnerability.io/vulnerability/CVE-2023-25687,IBM Security Key Lifecycle Manager information disclosure,"IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.",IBM,Security Key Lifecycle Manager,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-03-21T15:15:00.000Z,0
CVE-2023-25689,https://securityvulnerability.io/vulnerability/CVE-2023-25689,IBM Security Key Lifecycle Manager information disclosure,"IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618.",IBM,Security Key Lifecycle Manager,5.3,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2023-03-21T15:15:00.000Z,0
CVE-2021-38980,https://securityvulnerability.io/vulnerability/CVE-2021-38980,Information Disclosure Vulnerability in IBM Tivoli Key Lifecycle Manager by IBM,"An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 due to improper handling of error messages. Attackers exploiting this flaw could retrieve sensitive information presented in detailed technical error messages displayed in web browsers. This exposed information may facilitate further unauthorized attacks on the system. For more information, refer to IBM's official resources and the X-Force ID: 212786.",IBM,Security Key Lifecycle Manager,2.7,LOW,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-11-23T20:15:00.000Z,0
CVE-2021-38983,https://securityvulnerability.io/vulnerability/CVE-2021-38983,Cryptographic Algorithm Flaw in IBM Tivoli Key Lifecycle Manager,"IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 are affected by a vulnerability stemming from the use of cryptographic algorithms that do not provide adequate security. This weakness can potentially allow unauthorized users to decrypt sensitive information, exposing critical data and undermining system integrity. Organizations utilizing affected versions are encouraged to review their security measures and implement mitigations.",IBM,Security Key Lifecycle Manager,4.4,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-11-15T16:15:00.000Z,0
CVE-2021-38979,https://securityvulnerability.io/vulnerability/CVE-2021-38979,Cryptographic Weakness in IBM Tivoli Key Lifecycle Manager Software,"IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 exhibit a critical cryptographic weakness due to the absence of a salt in the password hashing process. This oversight means that a one-way cryptographic hash, which should provide security for sensitive data, is vulnerable to brute-force attacks and rainbow table attacks. Without proper salting, the resistance against reverse engineering is significantly lowered, exposing users to potential data breaches and unauthorized access.",IBM,Security Key Lifecycle Manager,4.4,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-11-15T16:15:00.000Z,0