CVE-2023-47702
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2023-47702 is a directory traversal vulnerability affecting IBM Security Guardium Key Lifecycle Manager version 4.3. It allows a remote attacker to traverse directories on the system by sending specially crafted URL requests. With requests that contain "dot dot" sequences (/../), an attacker can potentially view and modify files on the system, which poses a significant security risk. IBM X-Force has assigned the ID 271196 to this vulnerability. Organizations using the affected version of IBM Security Guardium Key Lifecycle Manager are advised to apply the necessary patches or updates to mitigate this issue.
Affected Products
- IBM Security Guardium Key Lifecycle Manager
Affected Vendors
- IBM Corporation