Remote Information Disclosure Vulnerability in IBM Security Guardium Key Lifecycle Manager
CVE-2024-49820

3.7LOW

Key Information:

Vendor
IBM
Status
Security Guardium Key Lifecycle Manager
Vendor
CVE Published:
17 December 2024

Summary

CVE-2024-49820 is a critical vulnerability affecting specific versions of IBM Security Guardium Key Lifecycle Manager. This issue arises from the improper enforcement of HTTP Strict Transport Security (HSTS), which could allow remote attackers to exploit the system using man-in-the-middle techniques. Such an exploit could lead to the unauthorized disclosure of sensitive information, putting organizations at risk. It is vital for users of affected versions (4.1, 4.1.1, 4.2.0, 4.2.1) to apply patches and strengthen their security configurations to mitigate this risk.

References

https://www.ibm.com/support/pages/node/7175067

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database
.