First published: Thu Mar 09 2023
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Guardium Key Lifecycle Manager | <=3.0 | |
IBM Security Guardium Key Lifecycle Manager | <=3.0.1 | |
IBM Security Guardium Key Lifecycle Manager | <=4.0 | |
IBM Security Guardium Key Lifecycle Manager | <=4.1 | |
IBM Security Guardium Key Lifecycle Manager | <=4.1.1 | |
IBM Security Guardium Key Lifecycle Manager | =3.0 | |
IBM Security Guardium Key Lifecycle Manager | =3.0.1 | |
IBM Security Guardium Key Lifecycle Manager | =4.0 | |
IBM Security Guardium Key Lifecycle Manager | =4.1 | |
IBM Security Guardium Key Lifecycle Manager | =4.1.1 | |
CVE-2023-25684 is a vulnerability in IBM Security Guardium Key Lifecycle Manager that allows remote attackers to perform SQL injection attacks.
CVE-2023-25684 has a severity rating of 9.8 out of 10, which is classified as critical.
IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 are affected by CVE-2023-25684.
CVE-2023-25684 allows remote attackers to send specially crafted SQL statements, which can lead to unauthorized viewing, adding, modifying, or deleting of information in the back-end database of IBM Security Guardium Key Lifecycle Manager.
To fix CVE-2023-25684, it is recommended to apply the latest security patches and updates provided by IBM for the affected versions of IBM Security Guardium Key Lifecycle Manager.