Vulnerabilities > CVE-2023-47702 - Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

ibm

critical

NVD

Published: 2023-12-20

Updated: 2024-11-21

Summary

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Security Guardium KEY Lifecycle Manager 4.2.0	1
OS	Ibm IBM AIX -	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/271196
https://exchange.xforce.ibmcloud.com/vulnerabilities/271196
https://www.ibm.com/support/pages/node/7091157
https://www.ibm.com/support/pages/node/7091157