CVE-2023-25924
IBM Security Key Lifecycle Manager improper authorization
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4 | EPSS 0.4% | KEV no | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
21 Mar 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
IBM · Security Key Lifecycle Manager