Local Privilege Escalation in IBM Security Guardium Key Lifecycle Manager
CVE-2024-49817

4.4MEDIUM

Key Information:

Vendor
IBM
Status
Security Guardium Key Lifecycle Manager
Vendor
CVE Published:
17 December 2024

Summary

CVE-2024-49817 is a significant local privilege escalation vulnerability found in IBM Security Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2.0, and 4.2.1. This flaw arises from the application's insecure handling of user credentials, which are stored in configuration files. These files can be accessed by local privileged users, potentially allowing them to exploit the vulnerability to gain unauthorized access to sensitive information. It is crucial for organizations utilizing these versions to implement recommendations from IBM's support resources to mitigate the risks associated with this vulnerability.

References

https://www.ibm.com/support/pages/node/7175067

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database
.