IBM Security Key Lifecycle Manager uses incomplete blocklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity.
CVEID: CVE-2018-1749
DESCRIPTION: IBM Tivoli Key Lifecycle Manager uses incomplete blocklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148484> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
IBM Security Key Lifecycle Manager: v2.6 - 2.6.0.4
IBM Security Key Lifecycle Manager: v2.7 - 2.7.0.3
IBM Security Key Lifecycle Manager: v3.0 - 3.0.0.1
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM Security Key Lifecycle Manager | 2.6 - 2.6.0.4 | 2.6.0-ISS-SKLM-FP0005 |
IBM Security Key Lifecycle Manager | 2.7 - 2.7.0.3 | 2.7.0-ISS-SKLM-FP0004 |
IBM Security Key Lifecycle Manager | 3.0 - 3.0.0.1 | 3.0.0-ISS-SKLM-FP0002 |