
CVE-2025-25023 – IBM Security Guardium information disclosure
https://notcve.org/view.php?id=CVE-2025-25023
09 Apr 2025 — IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment. • https://www.ibm.com/support/pages/node/7230467 • CWE-266: Incorrect Privilege Assignment •

CVE-2024-49336 – IBM Security Guardium server-side request forgery
https://notcve.org/view.php?id=CVE-2024-49336
19 Dec 2024 — IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. • https://www.ibm.com/support/pages/node/7179369 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-49816 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49816
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. • https://www.ibm.com/support/pages/node/7175067 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2024-49820 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49820
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7175067 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-49819 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49819
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. • https://www.ibm.com/support/pages/node/7175067 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-49818 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49818
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7175067 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-49817 – IBM Security Guardium Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2024-49817
17 Dec 2024 — IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. • https://www.ibm.com/support/pages/node/7175067 • CWE-260: Password in Configuration File •

CVE-2023-47710 – IBM Security Guardium cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47710
24 May 2024 — IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271525 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-47717 – IBM Security Guardium denial of service
https://notcve.org/view.php?id=CVE-2023-47717
16 May 2024 — IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271690 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-47711 – IBM Security Guardium denial of service
https://notcve.org/view.php?id=CVE-2023-47711
11 May 2024 — IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271526 • CWE-434: Unrestricted Upload of File with Dangerous Type •