Vulnerabilities > IBM > Security KEY Lifecycle Manager

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-25688 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
5.3
2023-03-22 CVE-2023-25924 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization.
network
low complexity
ibm
8.8
2023-03-21 CVE-2023-25684 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection.
network
low complexity
ibm
critical
9.8
2023-03-21 CVE-2023-25686 Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2023-03-21 CVE-2023-25923 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization.
network
low complexity
ibm
7.5
2023-03-21 CVE-2023-25687 Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files.
network
low complexity
ibm CWE-532
4.3
2023-03-21 CVE-2023-25689 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
5.3
2021-11-23 CVE-2021-38980 Information Exposure Through an Error Message vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2021-11-15 CVE-2021-38974 Unspecified vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests.
network
low complexity
ibm
6.5
2021-11-15 CVE-2021-38975 Unspecified vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request.
network
low complexity
ibm
6.5