CVE-2023-26270: IBM Security Guardium Data Encryption code execution
First published: Tue Apr 25 2023(Updated: )
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.
Credit: psirt@us.ibm.com psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Guardium Cloud Key Manager | <=1.10.3 | |
| <=1.10.3 and lower |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- agent/title
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/softwarecombine
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm guardium cloud key manager
- version/ibm guardium cloud key manager/1.10.3
- canonical/ibm 1.10.3 and lower
- version/ibm 1.10.3 and lower/1.10.3 and lower