CVE-2023-25924Incorrect Authorization in IBM Security KEY Lifecycle Manager

CWE-863Incorrect Authorization3 documents3 sources
Severity
8.8HIGHNVD
CNA5.4
EPSS
0.1%
top 70.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security KEY Lifecycle Manager
Timeline
PublishedMar 22

Description

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/security_key_lifecycle_manager3.0, 3.0.1, 4.0, 4.1 , 4.1.1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-7733-wh9m-x4gj: IBM Security Guardium Key Lifecycle Manager 32023-03-22
CVEList
IBM Security Key Lifecycle Manager improper authorization2023-03-21
CVE-2023-25924 — Incorrect Authorization in IBM | cvebase