Lucene search

IbmCVELIST:CVE-2023-25921

HistoryFeb 29, 2024 - 12:36 a.m.

CVE-2023-25921 IBM Security Guardium Key Lifecycle Manager file upload

2024-02-2900:36:01

CWE-434

ibm

www.cve.org

ibm security guardium

key lifecycle manager

file upload

vulnerability

ibm x-force

247620

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

9.0%

JSON

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. IBM X-Force ID: 247620.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Security Guardium Key Lifecycle Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.0, 3.0.1, 4.0, 4.1, 4.1.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/247620

www.ibm.com/support/pages/node/6964516

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-25921