IBM Security Key Lifecycle Manager denial of service
CVE-2023-25923

2.7LOW

Key Information:

Vendor: IBM
Status: Security Key Lifecycle Manager
Vendor: CVE Published:; 21 March 2023

What is CVE-2023-25923?

The IBM Security Guardium Key Lifecycle Manager is susceptible to a file upload vulnerability that arises from improper authorization checks. An attacker could exploit this vulnerability to upload malicious files, potentially leading to denial of service attacks. This weakness affects versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, making it critical for users of these versions to secure their systems against this threat.

Affected Version(s)

Security Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, 4.1.1

References

https://www.ibm.com/support/pages/node/6962729

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/247629

vdb-entry

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2023
Vulnerability Reserved
Feb 16, 2023