Vulnerabilities > IBM > Security Guardium KEY Lifecycle Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-20 | CVE-2023-47704 | Use of Hard-coded Credentials vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0 IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. | 7.5 |
| 2023-12-20 | CVE-2023-47706 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Guardium KEY Lifecycle Manager 4.2.0 IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. | 8.8 |
| 2021-11-15 | CVE-2021-38979 | Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. | 7.5 |
| 2021-11-15 | CVE-2021-38983 | Inadequate Encryption Strength vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-11-15 | CVE-2021-38984 | Inadequate Encryption Strength vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |