History: Oct 04, 2018 - 3:25 p.m.

Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Hazardous Input Validation (CVE-2018-1749)

2018-10-04 15:25:01
www.ibm.com

EPSS: 0.001 (Percentile: 20.7%)

Summary

IBM Security Key Lifecycle Manager uses incomplete blocklisting for input validation, which allows attackers to bypass application controls, resulting in direct impact to the system and data integrity.

Vulnerability Details

CVEID: CVE-2018-1749
DESCRIPTION: IBM Tivoli Key Lifecycle Manager uses incomplete blocklisting for input validation, which allows attackers to bypass application controls, resulting in direct impact to the system and data integrity.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148484> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Security Key Lifecycle Manager: v2.6 - 2.6.0.4

IBM Security Key Lifecycle Manager: v2.7 - 2.7.0.3

IBM Security Key Lifecycle Manager: v3.0 - 3.0.0.1

Remediation/Fixes

Product | VRMF | Remediation/First Fix
IBM Security Key Lifecycle Manager | 2.6 - 2.6.0.4 | 2.6.0-ISS-SKLM-FP0005
IBM Security Key Lifecycle Manager | 2.7 - 2.7.0.3 | 2.7.0-ISS-SKLM-FP0004
IBM Security Key Lifecycle Manager | 3.0 - 3.0.0.1 | 3.0.0-ISS-SKLM-FP0002
