Application error in IBM Security Guardium Key Lifecycle Manager on containerized platform(CVE-2021-38980)
CVEID:CVE-2021-38980
**DESCRIPTION:**IBM Tivoli Key Lifecycle Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212786 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Affected Version(s) (Containerized Platform) |
---|---|
IBM Security Guardium Key Lifecycle Manager | 4.1.0 - 4.1.0.1 |
IBM Security Guardium Key Lifecycle Manager | 4.1.1 |
Affected Product(s) | Affected Version(s) (Containerized Platform) |
Fixed Version(s)
(Containerized Platform)
—|—|—
IBM Security Guardium Key Lifecycle Manager | 4.1.0 - 4.1.0.1 | 4.1.0.2 and above (Linux PPC, zLinux (IBM Z), x86_64)
IBM Security Guardium Key Lifecycle Manager | 4.1.1 | 4.1.1.1 and above (Linux PPC, zLinux (IBM Z), x86_64)
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium key lifecycle manager | eq | 4.1.0 | |
ibm security guardium key lifecycle manager | eq | 4.1.1 |