CVE-2023-26270
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Guardium Cloud Key Manager | 1.10.3 | affected |
Weaknesses
- 1136 Improper Neutralization of Special Elements Used in a Template Engine
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6995161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/248119
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.ibm.com/support/pages/node/6995161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/248119
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.