CVE-2023-25926

HIGH
WAF: High
CVSS 8.2
Published: 2024-02-29
CWE-611

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599.

WAF Coverage Analysis

XML External Entity (XXE): High WAF Coverage

OWASP: A05:2021 Security Misconfiguration

941xxx - XSS / XXE

Affected Software

Vendor: ibm
Product: security_guardium_key_lifecycle_manager
Version: 3.0.0 - 4.1.1.7
