PT-2023-20245 · Ibm · Ibm Security Guardium Key Lifecycle Manager
Ben Goodspeed
+8
·
Published
2023-03-21
·
Updated
2023-03-24
·
CVE-2023-25687
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security Guardium Key Lifecycle Manager versions 3.0 through 4.1.1
Description
The issue allows an authenticated user to obtain sensitive information from log files.
Recommendations
For versions 3.0 through 4.1.1, restrict access to log files to prevent unauthorized users from obtaining sensitive information.
As a temporary workaround, consider limiting the privileges of authenticated users to minimize the risk of exploitation.
Avoid storing sensitive information in log files until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Generation of Error Message Containing Sensitive Information
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibm Security Guardium Key Lifecycle Manager