Vulnerabilities > IBM > Security KEY Lifecycle Manager > 4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-22 | CVE-2023-25688 | Path Traversal vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2023-03-22 | CVE-2023-25924 | Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. | 8.8 |
| 2023-03-21 | CVE-2023-25684 | SQL Injection vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. | 9.8 |
| 2023-03-21 | CVE-2023-25686 | Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2023-03-21 | CVE-2023-25923 | Incorrect Authorization vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. | 7.5 |
| 2023-03-21 | CVE-2023-25687 | Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. | 4.3 |
| 2023-03-21 | CVE-2023-25689 | Path Traversal vulnerability in IBM Security KEY Lifecycle Manager IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. | 5.3 |