
CVSS: 7.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271220 https://www.ibm.com/support/pages/node/7091157 • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247597 https://www.ibm.com/support/pages/node/6962729 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.2 | EPSS: 0% | CPEs: 5 | EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247601 https://www.ibm.com/support/pages/node/6962729 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247629 https://www.ibm.com/support/pages/node/6962729 • CWE-863: Incorrect Authorization •

CVSS: 5.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247606 https://www.ibm.com/support/pages/node/6962729 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •