CVE-2023-25924: IBM Security Key Lifecycle Manager improper authorization
First published: Thu Mar 09 2023(Updated: )
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Security Key Lifecycle Manager | =3.0 | |
| Ibm Security Key Lifecycle Manager | =3.0.1 | |
| Ibm Security Key Lifecycle Manager | =4.0 | |
| Ibm Security Key Lifecycle Manager | =4.1 | |
| Ibm Security Key Lifecycle Manager | =4.1.1 | |
| Ibm Security Key Lifecycle Manager | <=3.0 | |
| Ibm Security Key Lifecycle Manager | <=3.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | <=4.0 | |
| IBM Security Guardium Key Lifecycle Manager | <=4.1 | |
| IBM Security Guardium Key Lifecycle Manager | <=4.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-25924?
CVE-2023-25924 is a vulnerability in IBM Security Guardium Key Lifecycle Manager that could allow an authenticated user to perform unauthorized actions.
What is the severity level of CVE-2023-25924?
CVE-2023-25924 has a severity level of high (8.8).
Which versions of IBM Security Guardium Key Lifecycle Manager are affected by CVE-2023-25924?
Versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 of IBM Security Guardium Key Lifecycle Manager are affected by CVE-2023-25924.
How can an authenticated user exploit CVE-2023-25924?
An authenticated user can exploit CVE-2023-25924 to perform actions that should not be accessible to them due to improper authorization.
Where can I find more information about CVE-2023-25924?
You can find more information about CVE-2023-25924 on the IBM X-Force ID 247630 and the IBM Support page.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/author
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/event
- agent/description
- agent/tags
- agent/trending
- vendor/ibm
- canonical/ibm security key lifecycle manager
- version/ibm security key lifecycle manager/3.0
- version/ibm security key lifecycle manager/3.0.1
- version/ibm security key lifecycle manager/4.0
- version/ibm security key lifecycle manager/4.1
- version/ibm security key lifecycle manager/4.1.1
- canonical/ibm security guardium key lifecycle manager
- version/ibm security guardium key lifecycle manager/4.0
- version/ibm security guardium key lifecycle manager/4.1
- version/ibm security guardium key lifecycle manager/4.1.1