Security Bulletin: Application error in IBM Security Guardium Key Lifecycle Manager 4.1.1 (CVE-2021-38981)

2021-11-1206:30:02

www.ibm.com

0.001 Low

EPSS

Percentile

41.7%

JSON

Summary

Application error in IBM Security Guardium Key Lifecycle Manager 4.1.1 (CVE-2021-38981).

Vulnerability Details

CVEID:CVE-2021-38981
**DESCRIPTION:**IBM Tivoli Key Lifecycle Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212788 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Affected Version(s)
IBM Security Key Lifecycle Manager	3.0 - 3.0.0.4
IBM Security Key Lifecycle Manager	3.0.1 - 3.0.1.5
IBM Security Key Lifecycle Manager	4.0 - 4.0.0.3
IBM Security Guardium Key Lifecycle Manager	4.1.0 - 4.1.0.1
IBM Security Guardium Key Lifecycle Manager	4.1.1

Remediation/Fixes

It is fixed in 4.1.1 - Fix Pack 1

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security key lifecycle managereq3.0
ibm security key lifecycle managereq3.0.1
ibm security key lifecycle managereq4.0
ibm security key lifecycle managereq4.1

Name	Operator	Version
ibm security key lifecycle manager	eq	3.0
ibm security key lifecycle manager	eq	3.0.1
ibm security key lifecycle manager	eq	4.0
ibm security key lifecycle manager	eq	4.1

0.001 Low

EPSS

Percentile

41.7%

JSON

Related for D05B1484E8B9E2E421126A94E3DD33FE6B1EBDAC1ABF4E170453E18A7FC336FF