Remote Information Disclosure Vulnerability in IBM Security Guardium Key Lifecycle Manager
CVE-2024-49820
Key Information:
- Vendor: IBM
- CVE Published: 17 December 2024
What is CVE-2024-49820?
CVE-2024-49820 is a critical vulnerability affecting specific versions of IBM Security Guardium Key Lifecycle Manager. This issue arises from the improper enforcement of HTTP Strict Transport Security (HSTS), which could allow remote attackers to exploit the system using man-in-the-middle techniques. Such an exploit could lead to the unauthorized disclosure of sensitive information, putting organizations at risk. It is vital for users of affected versions (4.1, 4.1.1, 4.2.0, 4.2.1) to apply patches and strengthen their security configurations to mitigate this risk.
