IBM Security Guardium Key Lifecycle Manager
By the Year
In 2026 there have been 0 vulnerabilities in IBM Security Guardium Key Lifecycle Manager. Security Guardium Key Lifecycle Manager did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 9 | 6.54 |
| 2023 | 3 | 6.10 |
| 2022 | 0 | 0.00 |
| 2021 | 4 | 4.70 |
It may take a day or so for new Security Guardium Key Lifecycle Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Security Guardium Key Lifecycle Manager Security Vulnerabilities
IBM Security Guardium Key Lifecycle Manager HSTS Misconfiguration Information Disclosure Vulnerabili
CVE-2024-49820
3.7 - Low
- December 17, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Cleartext Transmission of Sensitive Information
IBM Security Guardium Key Lifecycle Manager Cleartext Communication Channel Vulnerability
CVE-2024-49819
7.5 - High
- December 17, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
Cleartext Transmission of Sensitive Information
IBM Security Guardium Key Lifecycle Manager Sensitive Information Disclosure Vulnerability
CVE-2024-49818
4.3 - Medium
- December 17, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Generation of Error Message Containing Sensitive Information
IBM Security Guardium Key Lifecycle Manager Local Privilege Escalation via Credential Exposure
CVE-2024-49817
4.4 - Medium
- December 17, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
Insufficiently Protected Credentials
IBM Security Guardium Key Lifecycle Manager: Local Privilege Escalation via Sensitive Information in
CVE-2024-49816
4.4 - Medium
- December 17, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.
Insertion of Sensitive Information into Log File
IBM Guardium KLM XML External Entity (XXE) in XML Parser 3.0-4.1.1
CVE-2023-25926
8.2 - High
- February 29, 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599.
XXE
Guardium Key Lifecycle Manager 3.x-4.1: File Upload (CVE-2023-25921)
CVE-2023-25921
8.8 - High
- February 29, 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.
Remote Cmd Exec in IBM Guardium KLM 3.0-4.1 via Auth Req
CVE-2023-25925
8.8 - High
- February 28, 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.
Shell injection
Automatic File Processing RCE in IBM Guardium KLM 3.0-4.1.1
CVE-2023-25922
8.8 - High
- February 28, 2024
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621.
Unrestricted File Upload
IBM Guardium KLM 3.x-4.x DOS via Unauthorized File Upload
CVE-2023-25923
7.5 - High
- March 21, 2023
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629.
AuthZ
IBM Guardium Key Lifecycle Manager 3.0-4.1.1 Leaks Credentials in Plain Text
CVE-2023-25686
5.5 - Medium
- March 21, 2023
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601.
Insufficiently Protected Credentials
IBM Guardium Key Lifecycle Manager 3.x-4.1 Directory Traversal via /../ in URLs
CVE-2023-25689
5.3 - Medium
- March 21, 2023
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618.
Directory traversal
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms
CVE-2021-38984
7.5 - High
- November 15, 2021
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.
Inadequate Encryption Strength
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates
CVE-2021-38985
4.3 - Medium
- November 12, 2021
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Improper Input Validation
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates
CVE-2021-38973
2.7 - Low
- November 12, 2021
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Improper Input Validation
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates
CVE-2021-38972
4.3 - Medium
- November 12, 2021
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Improper Input Validation