CVE-2023-25921 - Vulnerability Details - OpenCVE

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Security Guardium Key Lifecycle Manager
Linux	Linux Kernel
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/247620
https://www.ibm.com/support/pages/node/6964516

History

Fri, 13 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm Ibm aix Ibm security Guardium Key Lifecycle Manager Linux Linux linux Kernel Microsoft Microsoft windows
CPEs		cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:::::::: cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Ibm Ibm aix Ibm security Guardium Key Lifecycle Manager Linux Linux linux Kernel Microsoft Microsoft windows

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-02-29T00:36:01.872Z

Updated: 2024-08-26T19:14:39.214Z

Reserved: 2023-02-16T16:39:45.211Z

Link: CVE-2023-25921

Vulnrichment

Updated: 2024-08-02T11:32:12.756Z

NVD

Status : Analyzed

Published: 2024-02-29T01:38:24.113

Modified: 2024-12-13T20:53:05.783

Link: CVE-2023-25921

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25921", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-02-16T16:39:45.211Z", "datePublished": "2024-02-29T00:36:01.872Z", "dateUpdated": "2024-08-26T19:14:39.214Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Security Guardium Key Lifecycle Manager", "vendor": "IBM", "versions": [{"status": "affected", "version": "3.0, 3.0.1, 4.0, 4.1, 4.1.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.</span>\n\n"}], "value": "\nIBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-02-29T00:36:01.872Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/6964516"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247620"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Security Guardium Key Lifecycle Manager file upload", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "ibm", "product": "security_guardium_key_lifecycle_manager", "cpes": ["cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0", "status": "affected"}, {"version": "3.0.1", "status": "affected"}, {"version": "4.0", "status": "affected"}, {"version": "4.1.0", "status": "affected"}, {"version": "4.1.1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-26T19:12:55.306377Z", "id": "CVE-2023-25921", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T19:14:39.214Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:12.756Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6964516"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247620", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6964516", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247620", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:12.756Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25921", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-26T19:12:55.306377Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "security_guardium_key_lifecycle_manager", "versions": [{"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.0.1"}, {"status": "affected", "version": "4.0"}, {"status": "affected", "version": "4.1.0"}, {"status": "affected", "version": "4.1.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.579Z"}}], "cna": {"title": "IBM Security Guardium Key Lifecycle Manager file upload", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "Security Guardium Key Lifecycle Manager", "versions": [{"status": "affected", "version": "3.0, 3.0.1, 4.0, 4.1, 4.1.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/6964516", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247620"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nIBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-02-29T00:36:01.872Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25921", "state": "PUBLISHED", "dateUpdated": "2024-08-26T19:14:39.214Z", "dateReserved": "2023-02-16T16:39:45.211Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-02-29T00:36:01.872Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD8F66D0-AC3B-493B-9774-5374B1B22E10", "versionEndExcluding": "4.1.1.7", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.\n\n"}, {"lang": "es", "value": "IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 y 4.1.1 permite al atacante cargar o transferir archivos de tipos peligrosos que pueden procesarse autom\u00e1ticamente dentro del entorno del producto. ID de IBM X-Force: 247620."}], "id": "CVE-2023-25921", "lastModified": "2024-12-13T20:53:05.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-29T01:38:24.113", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247620"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6964516"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6964516"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}