Skip to main content

Security Guardium Key Lifecycle Manager CVE-2023-47703

MEDIUM
Error Message Information Leak (CWE-209)
2023-12-20 psirt@us.ibm.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 20, 2023 - 02:15 nvd
MEDIUM 5.3

DescriptionNVD

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197.

AnalysisAI

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-209. IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. Affected products include: Ibm Security Guardium Key Lifecycle Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-47702 CRITICAL
9.1 Dec 20

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. Rat

CVE-2023-47706 HIGH
8.8 Dec 20

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file ty

CVE-2024-49819 HIGH
7.5 Dec 17

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensiti

CVE-2023-47704 HIGH
7.5 Dec 20

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source co

CVE-2021-38984 HIGH
7.5 Nov 15

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could

CVE-2021-38983 HIGH
7.5 Nov 15

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could

CVE-2021-38979 HIGH
7.5 Nov 15

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should

CVE-2021-38975 MEDIUM
6.5 Nov 15

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive infor

CVE-2021-38974 MEDIUM
6.5 Nov 15

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service

CVE-2021-38978 MEDIUM
5.9 Nov 15

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information,

CVE-2021-38976 MEDIUM
5.5 Nov 15

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read

CVE-2023-47707 MEDIUM
5.4 Dec 20

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4),

Share

CVE-2023-47703 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy