Vulnerabilities > IBM > Security Guardium KEY Lifecycle Manager > 4.2.0

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-12-17 | CVE-2024-49816 | Information Exposure Through Log Files vulnerability in IBM Security Guardium KEY Lifecycle Manager | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | local | low | ibm | CWE-532 | 4.4 |
| 2024-12-17 | CVE-2024-49817 | Insufficiently Protected Credentials vulnerability in IBM Security Guardium KEY Lifecycle Manager | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | local | low | ibm | CWE-522 | 4.4 |
| 2024-12-17 | CVE-2024-49818 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium KEY Lifecycle Manager | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network | low | ibm | CWE-209 | 4.3 |
| 2024-12-17 | CVE-2024-49819 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium KEY Lifecycle Manager | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | network | low | ibm | CWE-319 | 7.5 |
| 2024-12-17 | CVE-2024-49820 | Cleartext Transmission of Sensitive Information vulnerability in IBM Security Guardium KEY Lifecycle Manager | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | network | high | ibm | CWE-319 | 3.7 |
| 2023-12-20 | CVE-2023-47702 | Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. | network | low | ibm | | 9.1 (critical) |
| 2023-12-20 | CVE-2023-47703 | Information Exposure Through an Error Message vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network | low | ibm | CWE-209 | 5.3 |
| 2023-12-20 | CVE-2023-47705 | Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0 | IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. | network | low | ibm | | 4.3 |
| 2023-12-20 | CVE-2023-47707 | Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0 | IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. | network | low | ibm | | 5.4 |
| 2023-12-20 | CVE-2023-47704 | Unspecified vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0 | IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. | network | low | ibm | | 7.5 |