What is the severity of CVE-2023-25926?

The severity of CVE-2023-25926 is significant due to its potential for XML External Entity Injection, allowing attackers to expose sensitive information.

How do I fix CVE-2023-25926?

To fix CVE-2023-25926, update to the latest patched version of IBM Security Guardium Key Lifecycle Manager.

Which versions of IBM Security Guardium Key Lifecycle Manager are affected by CVE-2023-25926?

Versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 of IBM Security Guardium Key Lifecycle Manager are affected by CVE-2023-25926.

What kind of attack does CVE-2023-25926 enable?

CVE-2023-25926 enables XML External Entity Injection attacks, which can lead to the disclosure of sensitive data.

Can a remote attacker exploit CVE-2023-25926?

Yes, a remote attacker can exploit CVE-2023-25926 to expose sensitive information or consume memory resources.

Vulnerability/
CVE-2023-25926

high

8.2

CWE

611

9/3/2023

29/2/2024

13/12/2024

CVE-2023-25926: IBM Security Guardium Key Lifecycle Manager XML external entity injection

First published: Thu Mar 09 2023(Updated: )

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Guardium Key Lifecycle Manager	<=3.0
IBM Security Guardium Key Lifecycle Manager	<=3.0.1
IBM Security Guardium Key Lifecycle Manager	<=4.0
IBM Security Guardium Key Lifecycle Manager	<=4.1
IBM Security Guardium Key Lifecycle Manager	<=4.1.1
All of
IBM Security Guardium Key Lifecycle Manager	>=3.0.0<4.1.1.7
Any of
IBM AIX
Linux Kernel
Microsoft Windows Operating System

Remedy

https://www.ibm.com/support/pages/node/6964516

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6964516

Frequently Asked Questions

What is the severity of CVE-2023-25926?
The severity of CVE-2023-25926 is significant due to its potential for XML External Entity Injection, allowing attackers to expose sensitive information.
How do I fix CVE-2023-25926?
To fix CVE-2023-25926, update to the latest patched version of IBM Security Guardium Key Lifecycle Manager.
Which versions of IBM Security Guardium Key Lifecycle Manager are affected by CVE-2023-25926?
Versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 of IBM Security Guardium Key Lifecycle Manager are affected by CVE-2023-25926.
What kind of attack does CVE-2023-25926 enable?
CVE-2023-25926 enables XML External Entity Injection attacks, which can lead to the disclosure of sensitive data.
Can a remote attacker exploit CVE-2023-25926?
Yes, a remote attacker can exploit CVE-2023-25926 to expose sensitive information or consume memory resources.

agent/type
agent/first-publish-date
agent/references
agent/weakness
agent/title
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/remedy
agent/trending
agent/source
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
vendor/ibm
canonical/ibm security guardium key lifecycle manager
version/ibm security guardium key lifecycle manager/3.0
version/ibm security guardium key lifecycle manager/3.0.1
version/ibm security guardium key lifecycle manager/4.0
version/ibm security guardium key lifecycle manager/4.1
version/ibm security guardium key lifecycle manager/4.1.1
version/ibm security guardium key lifecycle manager/3.0.0
canonical/ibm aix
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows operating system