CVE-2023-25924

{"id": "CVE-2023-25924", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-03-22T06:15:10.740", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247630", "tags": ["VDB Entry", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.ibm.com/support/pages/node/6962729", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247630", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6962729", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630."}], "lastModified": "2024-11-21T07:50:25.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5744D219-B3BD-4CBA-888E-2920B5A7FD99"}, {"criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC8182ED-77F8-4931-88ED-385163DD4091"}, {"criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D815B49-CE8E-45C8-A025-509253F5252C"}, {"criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D098B3CA-E84B-42CE-ABF5-97D80864C553"}, {"criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09C04E4B-EAA5-43E8-A6F3-251ED2D6C1E8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}