Skip to main content

Security Guardium Key Lifecycle Manager

25 CVEs product

Monthly

CVE-2024-49820 LOW Monitor

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2024-49819 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-49818 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-49817 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-49816 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-47707 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47705 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-47703 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-47702 CRITICAL Act Now

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-47706 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-47704 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-38980 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-38984 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-38983 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-38982 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38981 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-38979 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-38978 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-38977 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-38976 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38975 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-38974 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-38985 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-38973 LOW PATCH Monitor

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2021-38972 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
EPSS 0% CVSS 3.7
LOW Monitor

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Guardium Key Lifecycle Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy