Summary

Multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2.

Vulnerability Details

CVEID: CVE-2023-25689
Description: IBM Security Guardium Key Lifecycle Manager could allow a remote attacker to traverse directories on the system.
CVSS Base Score: 2.7
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2023-25924
Description: IBM Security Guardium Key Lifecycle Manager could allow an authenticated user to perform actions that they should not have access to due to improper authorization.
CVSS Base Score: 5.4
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2023-25687
Description: IBM Security Guardium Key Lifecycle Manager could allow an authenticated user to obtain sensitive information from log files.
CVSS Base Score: 4.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2023-25688
Description: IBM Security Guardium Key Lifecycle Manager could allow a remote attacker to traverse directories on the system.
CVSS Base Score: 4.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2023-25923
Description: IBM Security Guardium Key Lifecycle Manager could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization.
CVSS Base Score: 2.7
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2023-25686
Description: IBM Security Guardium Key Lifecycle Manager stores user credentials in plain clear text which can be read by a local user.
CVSS Base Score: 6.2
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2023-25684
Description: IBM Security Guardium Key Lifecycle Manager is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base Score: 6.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes