Sensitive Data Exposure in IBM Security Guardium Key Lifecycle Manager
CVE-2024-49819

7.5HIGH

Key Information:

Vendor: IBM
Status: Security Guardium Key Lifecycle Manager
Vendor: CVE Published:; 17 December 2024

Summary

CVE-2024-49819 is a critical vulnerability found in specific versions of IBM Security Guardium Key Lifecycle Manager, namely 4.1, 4.1.1, 4.2.0, and 4.2.1. This vulnerability allows a remote attacker to intercept and retrieve sensitive information transmitted in cleartext over insecure communication channels. Unauthorized access to such data poses significant risks, including data breaches and unauthorized disclosure of sensitive corporate information. It is crucial for users of the affected products to apply necessary patches and security measures to mitigate potential threats. For detailed guidance, refer to IBM's support page.

References

https://www.ibm.com/support/pages/node/7175067

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 17, 2024

Collectors

NVD Database