Key Lifecycle Manager Vulnerability Allows File Upload Attacks
CVE-2023-25922
8.8HIGH
Key Information:
- Vendor
IBM
- Vendor
- CVE Published:
- 28 February 2024
What is CVE-2023-25922?
IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 contain a vulnerability that permits attackers to upload or transfer files of potentially harmful types. These files can be processed automatically within the product's operating environment, which raises serious concerns about data integrity and security within organizations using this product. The exposure allows for the possible manipulation or misuse of sensitive information, emphasizing the need for immediate remediation to protect against unauthorized file processing.
Affected Version(s)
Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, 4.1.1