CVE-2023-25686Insufficiently Protected Credentials in IBM Security KEY Lifecycle Manager

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.2
EPSS
0.0%
top 86.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security KEY Lifecycle Manager
Timeline
PublishedMar 21

Description

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/security_key_lifecycle_manager3.0, 3.0.1, 4.0, 4.1, 4.1.1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
CVEList
IBM Security Key Lifecycle Manager information disclosure2023-03-21
GHSA
GHSA-gqcm-cc6q-qvph: IBM Security Guardium Key Lifecycle Manager 32023-03-21
CVE-2023-25686 — Insufficiently Protected Credentials | cvebase