IBM Security Guardium Key Lifecycle Manager Vulnerable to XML External Entity Injection Attack
CVE-2023-25926
8.2HIGH
Key Information:
- Vendor
IBM
- Vendor
- CVE Published:
- 29 February 2024
What is CVE-2023-25926?
IBM Security Guardium Key Lifecycle Manager is susceptible to an XML External Entity Injection vulnerability that occurs during the processing of XML data. This vulnerability allows a remote attacker to manipulate XML content in such a way that it can result in the exposure of sensitive information or excessive consumption of memory resources. Such exploitation could lead to further attacks or unauthorized access, impacting the confidentiality and integrity of the system's data.
Affected Version(s)
Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, 4.1.1