CVE-2024-49816

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-49816

CWE

https://cwe.mitre.org/data/definitions/532.html

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Security_guardium_key_lifecycle_manager	Ibm	4.1.0 (including)	4.1.0 (including)
Security_guardium_key_lifecycle_manager	Ibm	4.1.1 (including)	4.1.1 (including)
Security_guardium_key_lifecycle_manager	Ibm	4.2.0 (including)	4.2.0 (including)
Security_guardium_key_lifecycle_manager	Ibm	4.2.1 (including)	4.2.1 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

References

https://www.ibm.com/support/pages/node/7175067

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References