CVE-2024-49820

Published Dec 17, 2024

Last updated 2 months ago

CVSS low 3.7

Overview

Description: IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 3.7
Impact score: 1.4
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

psirt@us.ibm.com: CWE-319

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F72EFFA-6912-4148-AA54-FDD7458AAFA1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7C5C5BE-7E5C-455C-80F4-5C5783086D2B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E65E3E60-1F3B-4E1E-9DF8-98BBDAC5FC94"
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66EB3ACF-F107-49CD-B667-36F2BF2C746D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References