IBMABF36176088C3B4B3F0AA55C0AB4EC03938A2E19387BD54A13B5D9F660CADF43Security Bulletin: IBM Security Key Lifecycle Manager is affected by exposure of sensitive information (CVE-2016-6099)
0.001 Low
EPSS
Percentile
30.3%
Summary
IBM Security Key Lifecycle Manager has this issue where the product discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Security Key Lifecycle Manager latest fixpacks mentioned below addresses this vulnerability…
Vulnerability Details
CVEID: CVE-2016-6099**
DESCRIPTION:** IBM Tivoli Key Lifecycle Manager discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118255 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
IBM Security Key Lifecycle Manager: v2.5 - 2.5.0.7
IBM Security Key Lifecycle Manager v2.6 - 2.6.0.2
Remediation/Fixes
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Key Lifecycle Manager| 2.5 - 2.5.0.7| 2.5.0-ISS-SKLM-FP0008
IBM Security Key Lifecycle Manager| 2.6- 2.6.0.2| 2.6.0-ISS-SKLM-FP0003
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security key lifecycle manager | eq | 2.5 | |
| ibm security key lifecycle manager | eq | 2.6 |
Related
0.001 Low
EPSS
Percentile
30.3%