CVE-2023-47704

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 81.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Guardium KEY Lifecycle Manager

Timeline

PublishedDec 20

Description

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:NExploitability: 0.4 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/security_guardium_key_lifecycle_manager4.2.0 — 4.2.0.2

▶CVEListV5ibm/security_guardium_key_lifecycle_manager4.3

🔴Vulnerability Details

CVEList

IBM Security Guardium Key Lifecycle Manager information disclosure↗2023-12-20

▶

GHSA

GHSA-rg4q-3xgq-2623: IBM Security Guardium Key Lifecycle Manager 4↗2023-12-20

▶