Description
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.
Published: 2026-04-22
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 suffer from privilege‑escalation flaws that allow an attacker who has previously been demoted or lacks proper permissions to perform administrative operations. Such unauthorized users can access sensitive data, modify system configurations, or alter permissions for other users. These weaknesses undermine administrative controls and could lead to data breaches, system compromise, and a loss of trust in the application’s security mechanisms. The associated CWE‑269 categorizes the vulnerability as a weakness in privilege management.

Affected Systems

The affected product is IBM Guardium Key Lifecycle Manager. Versions impacted include 4.1.0, 4.1.1, 4.2.0, 4.2.1, 5.0.0, and 5.1.0, as well as all corresponding 4.x and 5.x sub‑versions identified in the supplied CPE strings.

Risk and Exploitability

The CVSS base score of 4.8 indicates a moderate severity, while the EPSS score of less than 1% reflects a very low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Because no attack vector is specified in the CVE data, the likely exploitation path is inferred from the CWE‑269 association and would require some form of authenticated or elevated access to the Key Lifecycle Manager service.

Generated by OpenCVE AI on June 11, 2026 at 20:32 UTC.

Remediation

Vendor Solution

IBM encourages customers to update their systems promptly.  Principal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.1 1. Download IBM Guardium Key Lifecycle Manager  https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions

OpenCVE Recommended Actions

  • Download and install IBM Guardium Key Lifecycle Manager v4.1 from the IBM support site: https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions
  • Verify that only authorized administrators can access key‑management APIs and enforce correct role assignments
  • Enable and review audit logging for key‑management operations to detect abnormal activity

Generated by OpenCVE AI on June 11, 2026 at 20:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Description IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.

Mon, 27 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 23 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1
Title Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager
First Time appeared Ibm
Ibm guardium Key Lifecycle Manager
Weaknesses CWE-269
CPEs cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm guardium Key Lifecycle Manager
References

Subscriptions

Ibm Guardium Key Lifecycle Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-11T13:46:57.418Z

Reserved: 2026-01-30T22:03:35.181Z

Link: CVE-2026-1726

cve-icon Vulnrichment

Updated: 2026-04-23T12:57:14.651Z

cve-icon NVD

Status : Modified

Published: 2026-04-23T00:16:44.920

Modified: 2026-06-17T10:16:24.320

Link: CVE-2026-1726

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T20:45:10Z

Weaknesses