IBM2A9D2BF67143F892B0BB7E1D50CC1C60AFD93EC83428F76A1BCFE4560E380F00Security Bulletin: IBM Security Key Lifecycle Manager is affected by information exposure (CVE-2019-4514)
0.001 Low
EPSS
Percentile
28.1%
Summary
IBM Security Key Lifecycle Manager discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
Vulnerability Details
CVEID: CVE-2019-4514 DESCRIPTION: IBM Tivoli Key Lifecycle Manager discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165136> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
IBM Security Key Lifecycle Manager v2.6 - 2.6.0.5
IBM Security Key Lifecycle Manager: v2.7 - 2.7.0.4
IBM Security Key Lifecycle Manager (SKLM) v3.0 - v3.0.0.2
IBM Security Key Lifecycle Manager (SKLM) v3.0.1- v3.0.1.1
Remediation/Fixes
Product
| Remediation/First Fix
—|—
IBM Security Key Lifecycle Manager | 2.6.0-ISS-SKLM-FP0006
IBM Security Key Lifecycle Manager |
IBM Security Key Lifecycle Manager | 3.0.0-ISS-SKLM-FP0003
IBM Security Key Lifecycle Manager | 3.0.1-ISS-SKLM-FP0002
Related
0.001 Low
EPSS
Percentile
28.1%