Local Privilege Escalation in IBM Security Guardium Key Lifecycle Manager
CVE-2024-49817

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Security Guardium Key Lifecycle Manager
Vendor: CVE Published:; 17 December 2024

What is CVE-2024-49817?

CVE-2024-49817 is a significant local privilege escalation vulnerability found in IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. This flaw arises from the application's insecure handling of user credentials, which are stored in configuration files. These files can be accessed by local privileged users, potentially allowing them to exploit the vulnerability to gain unauthorized access to sensitive information. It is crucial for organizations utilizing these versions to implement recommendations from IBM's support resources to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.ibm.com/support/pages/node/7175067

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 17, 2024

JSON

IBM

What is CVE-2024-49817?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.