IBMD081A56520746F552150E915221ACAE4C0CDB3906087DC2E6D2E1B6D73125B4ESecurity Bulletin: Application error in IBM Security Guardium Key Lifecycle Manager on containerized platform(CVE-2021-38980)
0.001 Low
EPSS
Percentile
41.7%
Summary
Application error in IBM Security Guardium Key Lifecycle Manager on containerized platform(CVE-2021-38980)
Vulnerability Details
CVEID:CVE-2021-38980
**DESCRIPTION:**IBM Tivoli Key Lifecycle Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212786 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Affected Version(s) (Containerized Platform) |
|---|---|
| IBM Security Guardium Key Lifecycle Manager | 4.1.0 - 4.1.0.1 |
| IBM Security Guardium Key Lifecycle Manager | 4.1.1 |
Remediation/Fixes
Affected Product(s) | Affected Version(s) (Containerized Platform) |
Fixed Version(s)
(Containerized Platform)
—|—|—
IBM Security Guardium Key Lifecycle Manager | 4.1.0 - 4.1.0.1 | 4.1.0.2 and above (Linux PPC, zLinux (IBM Z), x86_64)
IBM Security Guardium Key Lifecycle Manager | 4.1.1 | 4.1.1.1 and above (Linux PPC, zLinux (IBM Z), x86_64)
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security guardium key lifecycle manager | eq | 4.1.0 | |
| ibm security guardium key lifecycle manager | eq | 4.1.1 |
Related
0.001 Low
EPSS
Percentile
41.7%