Ibm Security Guardium Key Lifecycle Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Guardium Key Lifecycle Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2023-25921 — CVSS 8.5 (high): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous…
CVE-2023-25925 — CVSS 8.5 (high): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute…
CVE-2021-38983 — CVSS 7.5 (high): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker…
CVE-2021-38979 — CVSS 7.5 (high): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible…
CVE-2021-38984 — CVSS 7.5 (high): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker…
CVE-2023-47706 — CVSS 6.6 (medium): IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID…
CVE-2021-38974 — CVSS 6.5 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially…
CVE-2021-38975 — CVSS 6.5 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a…
CVE-2021-38978 — CVSS 5.9 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the…
CVE-2021-38976 — CVSS 5.5 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user…
CVE-2023-25926 — CVSS 5.5 (medium): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack…
CVE-2021-38982 — CVSS 5.4 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2023-47707 — CVSS 5.4 (medium): IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2021-38980 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to…
CVE-2021-38981 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed…
CVE-2023-47703 — CVSS 5.3 (medium): IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2024-49816 — CVSS 4.9 (medium): IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could…
CVE-2024-49817 — CVSS 4.4 (medium): IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read…
CVE-2021-38972 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that…
CVE-2021-38977 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies…
CVE-2021-38985 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that…
CVE-2023-25922 — CVSS 4.3 (medium): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous…
CVE-2023-47702 — CVSS 4.3 (medium): IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send…
CVE-2023-47705 — CVSS 4.3 (medium): IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input…
CVE-2024-49818 — CVSS 4.3 (medium): IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when…
CVE-2024-49819 — CVSS 4.1 (medium): IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in…
CVE-2023-47704 — CVSS 4.0 (medium): IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM…
CVE-2024-49820 — CVSS 3.7 (low): IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information…
CVE-2021-38973 — CVSS 2.7 (low): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that…