CVE-2023-25923

Опубликовано: 21 мар. 2023

Источник: nvd

CVSS3: 2.7

CVSS3: 7.5

EPSS Низкий

Описание

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/247629
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6962729
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/247629
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6962729
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_key_lifecycle_manager:4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_key_lifecycle_manager:4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

2.7 Low

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-3887-7vpg-g78m

CVSS3: 7.5

github

почти 3 года назад

EPSS

Процентиль: 16%

0.00052

Низкий

2.7 Low

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863