CVE-2024-49818

Summary

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1

could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Affected Software

VendorProductVersion RangeStatus
IBMSecurity Guardium Key Lifecycle Manager4.1, 4.1.1, 4.2.0, 4.2.1affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References