CVE-2023-25684 – IBM Security Key Lifecycle Manager SQL injection
https://notcve.org/view.php?id=CVE-2023-25684
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247597 https://www.ibm.com/support/pages/node/6962729 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-25686 – IBM Security Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2023-25686
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247601 https://www.ibm.com/support/pages/node/6962729 • CWE-522: Insufficiently Protected Credentials •
CVE-2023-25923 – IBM Security Key Lifecycle Manager denial of service
https://notcve.org/view.php?id=CVE-2023-25923
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247629 https://www.ibm.com/support/pages/node/6962729 • CWE-863: Incorrect Authorization •
CVE-2023-25688 – IBM Security Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2023-25688
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247606 https://www.ibm.com/support/pages/node/6962729 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-25687 – IBM Security Key Lifecycle Manager information disclosure
https://notcve.org/view.php?id=CVE-2023-25687
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247602 https://www.ibm.com/support/pages/node/6962729 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •