IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the applications security mechanisms.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Guardium_key_lifecycle_manager | Ibm | 4.1.0 (including) | 4.1.0 (including) |
| Guardium_key_lifecycle_manager | Ibm | 4.1.1 (including) | 4.1.1 (including) |
| Guardium_key_lifecycle_manager | Ibm | 4.2.0 (including) | 4.2.0 (including) |
| Guardium_key_lifecycle_manager | Ibm | 4.2.1 (including) | 4.2.1 (including) |
| Guardium_key_lifecycle_manager | Ibm | 5.0.0 (including) | 5.0.0 (including) |
| Guardium_key_lifecycle_manager | Ibm | 5.1.0 (including) | 5.1.0 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html