Product
IBM Security Guardium Key Lifecycle Manager
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-49820
all versions
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive inform
3.7
LOW
CVE-2024-49819
all versions
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive inform
4.1
MEDIUM
CVE-2024-49818
all versions
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive infor
4.3
MEDIUM
CVE-2024-49817
all versions
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can
4.4
MEDIUM
CVE-2024-49816
all versions
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files th
4.9
MEDIUM
CVE-2023-25926
>= 3.0.0 and < 4.1.1.7
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE
5.5
MEDIUM
CVE-2023-25921
>= 3.0.0 and < 4.1.1.7
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dan
8.5
HIGH
CVE-2023-25925
>= 3.0.0 and < 4.1.1.7
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute
8.5
HIGH
CVE-2023-25922
>= 3.0.0 and < 4.1.1.7
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dan
4.3
MEDIUM
CVE-2023-47707
>= 4.2.0 and <= 4.2.0.2
IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar
5.4
MEDIUM
CVE-2023-47705
>= 4.2.0 and < 4.2.0.2
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper inpu
4.3
MEDIUM
CVE-2023-47703
>= 4.2.0 and < 4.2.0.2
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed tech
5.3
MEDIUM
CVE-2023-47702
>= 4.2.0 and < 4.2.0.2
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker c
4.3
MEDIUM
CVE-2023-47706
>= 4.2.0 and < 4.2.0.2
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X
6.6
MEDIUM
CVE-2023-47704
>= 4.2.0 and < 4.2.0.2
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code reposit
4.0
MEDIUM
CVE-2021-38980
>= 4.1.0 and <= 4.1.0.1
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attac
5.3
MEDIUM
CVE-2021-38984
>= 4.1.0 and <= 4.1.0.1
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an a
7.5
HIGH
CVE-2021-38983
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an a
7.5
HIGH
CVE-2021-38982
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users t
5.4
MEDIUM
CVE-2021-38981
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a det
5.3
MEDIUM
CVE-2021-38979
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be re
7.5
HIGH
CVE-2021-38978
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by
5.9
MEDIUM
CVE-2021-38977
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session coo
4.3
MEDIUM
CVE-2021-38976
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local
5.5
MEDIUM
CVE-2021-38975
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information fro
6.5
MEDIUM
CVE-2021-38974
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using spe
6.5
MEDIUM
CVE-2021-38985
>= 4.1.0 and <= 4.1.0.1
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validate
4.3
MEDIUM
CVE-2021-38973
>= 4.1.0 and <= 4.1.0.1
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validate
2.7
LOW
CVE-2021-38972
>= 4.1.0 and <= 4.1.0.1
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validate
4.3
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin