Lucene search

PRIOn knowledge basePRION:CVE-2023-47707

HistoryDec 20, 2023 - 2:15 a.m.

Cross site scripting

2023-12-2002:15:00

PRIOn knowledge base

www.prio-n.com

ibm security guardium

key lifecycle manager

cross-site scripting

web ui

arbitrary javascript code

credentials disclosure

trusted session

ibm x-force id 271522

nvd

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522.

CPENameOperatorVersion
security_guardium_key_lifecycle_managerge4.2.0
security_guardium_key_lifecycle_managerle4.2.0.2

CPE	Name	Operator	Version
	security_guardium_key_lifecycle_manager	ge	4.2.0
	security_guardium_key_lifecycle_manager	le	4.2.0.2

References

exchange.xforce.ibmcloud.com/vulnerabilities/271522

www.ibm.com/support/pages/node/7091157