38 results (0.075 seconds)

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247597 https://www.ibm.com/support/pages/node/6962729 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247601 https://www.ibm.com/support/pages/node/6962729 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247629 https://www.ibm.com/support/pages/node/6962729 • CWE-863: Incorrect Authorization •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247606 https://www.ibm.com/support/pages/node/6962729 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247602 https://www.ibm.com/support/pages/node/6962729 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •