IBM Security Key Lifecycle Manager improper authorization
CVE-2023-25924
5.4 MEDIUM
Summary
IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 are susceptible to improper authorization vulnerabilities that allow authenticated users to execute unauthorized actions. This flaw can lead to unauthorized access to and manipulation of sensitive data, posing a genuine risk to the security posture of organizations running these versions. Users of IBM Security Guardium Key Lifecycle Manager should assess their exposure and apply the necessary mitigations.
Affected Version(s)
Security Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, 4.1.1
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved