What is CVE-2023-25688?

CVE-2023-25688 is a vulnerability in IBM Security Guardium Key Lifecycle Manager that could allow a remote attacker to traverse directories on the system.

What is the severity of CVE-2023-25688?

The severity of CVE-2023-25688 is medium with a CVSS score of 5.3.

How does CVE-2023-25688 affect IBM Security Guardium Key Lifecycle Manager?

CVE-2023-25688 affects IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1.

Is there any additional information available about CVE-2023-25688?

Yes, you can find additional information about CVE-2023-25688 at the following references: [IBM X-Force ID: 247606](https://exchange.xforce.ibmcloud.com/vulnerabilities/247606) and [IBM Security Bulletin](https://www.ibm.com/support/pages/node/6962729).

Vulnerability/
CVE-2023-25688

medium

5.3

CWE

9/3/2023

21/3/2023

2/8/2024

CVE-2023-25688: IBM Security Key Lifecycle Manager information disclosure

Q: How can a remote attacker exploit CVE-2023-25688?

A remote attacker can exploit CVE-2023-25688 by sending a specially crafted URL request containing "dot dot" sequences (/../) to traverse directories on the system and view arbitrary files.

First published: Thu Mar 09 2023(Updated: )

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Security Key Lifecycle Manager	=3.0
Ibm Security Key Lifecycle Manager	=3.0.1
Ibm Security Key Lifecycle Manager	=4.0
Ibm Security Key Lifecycle Manager	=4.1
Ibm Security Key Lifecycle Manager	=4.1.1
	<=3.0
	<=3.0.1
	<=4.0
	<=4.1
	<=4.1.1

Remedy

https://www.ibm.com/support/pages/node/6962729

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6962729

Frequently Asked Questions

What is CVE-2023-25688?
CVE-2023-25688 is a vulnerability in IBM Security Guardium Key Lifecycle Manager that could allow a remote attacker to traverse directories on the system.
What is the severity of CVE-2023-25688?
The severity of CVE-2023-25688 is medium with a CVSS score of 5.3.
How does CVE-2023-25688 affect IBM Security Guardium Key Lifecycle Manager?
CVE-2023-25688 affects IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1.
How can a remote attacker exploit CVE-2023-25688?
A remote attacker can exploit CVE-2023-25688 by sending a specially crafted URL request containing "dot dot" sequences (/../) to traverse directories on the system and view arbitrary files.
Is there any additional information available about CVE-2023-25688?
Yes, you can find additional information about CVE-2023-25688 at the following references: [IBM X-Force ID: 247606](https://exchange.xforce.ibmcloud.com/vulnerabilities/247606) and [IBM Security Bulletin](https://www.ibm.com/support/pages/node/6962729).

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/remedy
agent/severity
agent/author
agent/title
agent/description
agent/event
agent/softwarecombine
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/tags
agent/trending
vendor/ibm
canonical/ibm security key lifecycle manager
version/ibm security key lifecycle manager/3.0
version/ibm security key lifecycle manager/3.0.1
version/ibm security key lifecycle manager/4.0
version/ibm security key lifecycle manager/4.1
version/ibm security key lifecycle manager/4.1.1
canonical/ibm security guardium key lifecycle manager
version/ibm security guardium key lifecycle manager/4.0
version/ibm security guardium key lifecycle manager/4.1
version/ibm security guardium key lifecycle manager/4.1.1