CVE-2024-49820

CWE-319Cleartext Transmission3 documents3 sources
Severity
3.7LOW
EPSS
0.0%
top 91.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium KEY Lifecycle Manager
Timeline
PublishedDec 17

Description

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/security_guardium_key_lifecycle_manager4.1, 4.1.1, 4.2.0, 4.2.1

🔴Vulnerability Details

2
GHSA
GHSA-7m58-crjp-grq7: IBM Security Guardium Key Lifecycle Manager 42024-12-17
CVEList
IBM Security Guardium Key Lifecycle Manager information disclosure2024-12-17
CVE-2024-49820 (LOW CVSS 3.7) | IBM Security Guardium Key Lifecycle | cvebase.io