CVE-2023-25924

Опубликовано: 22 мар. 2023

Источник: nvd

CVSS3: 5.4

CVSS3: 8.8

EPSS Низкий

Описание

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/247630
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6962729
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/247630
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6962729
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_key_lifecycle_manager:4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_key_lifecycle_manager:4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00086

Низкий

5.4 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-7733-wh9m-x4gj

CVSS3: 8.8

github

почти 3 года назад

EPSS

Процентиль: 25%

0.00086

Низкий

5.4 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-863