Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-22 | CVE-2023-25688 | Unspecified vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2023-03-22 | CVE-2023-25924 | Unspecified vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. | 8.8 |
| 2023-03-21 | CVE-2023-25684 | Unspecified vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. | 9.8 |
| 2023-03-21 | CVE-2023-25686 | Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2023-03-21 | CVE-2023-25923 | Unspecified vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. | 7.5 |
| 2023-03-21 | CVE-2023-25687 | Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. | 4.3 |
| 2023-03-21 | CVE-2023-25689 | Unspecified vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2023-03-21 | CVE-2023-27871 | SQL Injection vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. | 7.5 |
| 2023-03-21 | CVE-2023-27873 | Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. | 6.5 |
| 2023-03-21 | CVE-2023-27874 | Unspecified vulnerability in IBM Aspera Faspex 4.4.1/4.4.2 IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 8.8 |