PT-2023-6903 · IBM · IBM Guardium Cloud Key Manager +1

Ben Goodspeed +8 · Published 2023-05-17 · Updated 2023-08-30 · CVE-2023-26270

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) version 1.10.3)

Description

The issue is caused by an Angular template injection flaw, allowing a remote attacker to execute arbitrary code on the system by sending a specially crafted request.

Recommendations

For IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) version 1.10.3), consider disabling the Angular template injection functionality until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using specially crafted requests in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-07921
CVE-2023-26270

Affected Products

IBM Guardium Cloud Key Manager
IBM Security Guardium Data Encryption