{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-25922","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2023-02-16T16:39:45.212Z","datePublished":"2024-02-28T21:44:51.466Z","dateUpdated":"2024-08-02T11:32:12.764Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Security Guardium Key Lifecycle Manager","vendor":"IBM","versions":[{"status":"affected","version":"3.0, 3.0.1, 4.0, 4.1, 4.1.1"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.  IBM X-Force ID:  247621."}],"value":"IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.  IBM X-Force ID:  247621."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2024-02-28T21:44:51.466Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.ibm.com/support/pages/node/6964516"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/247621"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Security Guardium Key Lifecycle Manager file upload","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-12T22:29:11.357816Z","id":"CVE-2023-25922","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-12T22:29:23.589Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T11:32:12.764Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.ibm.com/support/pages/node/6964516"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/247621","tags":["x_transferred"]}]}]}}