2023-02-16 17:00:35 +00:00
{
2024-02-29 01:00:33 +00:00
"data_version" : "4.0" ,
2023-02-16 17:00:35 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2023-25921" ,
2024-02-29 01:00:33 +00:00
"ASSIGNER" : "psirt@us.ibm.com" ,
"STATE" : "PUBLIC"
2023-02-16 17:00:35 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2024-02-29 01:00:33 +00:00
"value" : "\nIBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.\n\n"
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-434 Unrestricted Upload of File with Dangerous Type" ,
"cweId" : "CWE-434"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM" ,
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium Key Lifecycle Manager" ,
"version" : {
"version_data" : [
{
"version_affected" : "=" ,
"version_value" : "3.0, 3.0.1, 4.0, 4.1, 4.1.1"
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6964516" ,
"refsource" : "MISC" ,
"name" : "https://www.ibm.com/support/pages/node/6964516"
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/247620" ,
"refsource" : "MISC" ,
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/247620"
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.1.0-dev"
} ,
"source" : {
"discovery" : "UNKNOWN"
} ,
"impact" : {
"cvss" : [
{
"attackComplexity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 8.5 ,
"baseSeverity" : "HIGH" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"privilegesRequired" : "LOW" ,
"scope" : "CHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" ,
"version" : "3.1"
2023-02-16 17:00:35 +00:00
}
]
}
}
