Local Privilege Escalation Risk in IBM Security Guardium Key Lifecycle Manager
CVE-2024-49816

4.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 17 December 2024

Summary

CVE-2024-49816 identifies a local privilege escalation vulnerability affecting IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. The application stores potentially sensitive information in log files that local privileged users can read. This improper handling of sensitive data could facilitate unauthorized access, leading to possible data breaches and exploitation of critical systems. Organizations running the affected versions are advised to evaluate and mitigate the risk by securing log files and applying the necessary updates.

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database