IBM14589F5ED3B24004315DB743B43B07D5ACDDC83EDC80458851E38237A61AB492Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross Site Scripting (CVE-2016-6096)
0.001 Low
EPSS
Percentile
30.9%
Summary
IBM Security Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Vulnerability Details
CVEID: CVE-2016-6096**
DESCRIPTION:** IBM Tivoli Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118175 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
IBM Tivoli Key Lifecycle Manager: v2.0.1 - 2.0.1.8
IBM Security Key Lifecycle Manager: v2.5 - 2.5.0.7
IBM Security Key Lifecycle Manager v2.6 - 2.6.0.2
Remediation/Fixes
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Tivoli Key Lifecycle Manager| 2.0.1 - 2.0.1.8| 2.0.1-ISS-TKLM-FP0009
IBM Security Key Lifecycle Manager| 2.5 - 2.5.0.7| 2.5.0-ISS-SKLM-FP0008
IBM Security Key Lifecycle Manager| 2.6- 2.6.0.2| 2.6.0-ISS-SKLM-FP0003
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
30.9%