PT-2023-30577 · Ibm · Ibm Security Guardium Key Lifecycle Manager

Ben Goodspeed

Publicado

2023-12-19

Atualizado

2023-12-22

CVE-2023-47704

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Guardium Key Lifecycle Manager version 4.2 IBM Security Guardium Key Lifecycle Manager version 4.3

Description The issue concerns the presence of plain text hard-coded credentials or other secrets in the source code repository of IBM Security Guardium Key Lifecycle Manager.

Recommendations For version 4.2, update to a version that does not contain hard-coded credentials. For version 4.3, update to a version that does not contain hard-coded credentials. As a temporary workaround, consider restricting access to the source code repository to minimize the risk of exploitation.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2023-47704

Produtos afetados

Ibm Security Guardium Key Lifecycle Manager

PT-2023-30577 · Ibm · Ibm Security Guardium Key Lifecycle Manager

CVE-2023-47704

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7