IBM Security Key Lifecycle Manager denial of service
CVE-2023-25923
7.5 HIGH
Summary
The IBM Security Guardium Key Lifecycle Manager is susceptible to a file upload vulnerability that arises from improper authorization checks. An attacker could exploit this vulnerability to upload malicious files, potentially leading to a denial of service. This weakness affects versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, making it critical for users of these versions to secure their systems against this threat.
Affected Version(s)
Security Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, 4.1.1
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved