Hazardous input validation in IBM Security Guardium Key Lifecycle Manager (CVE-2021-38973).
CVEID:CVE-2021-38973
**DESCRIPTION:**IBM Tivoli Key Lifecycle Manager receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CVSS Base score: 2.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212778 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)
Affected Product(s) | Affected Version(s) |
---|---|
IBM Security Key Lifecycle Manager | 3.0 - 3.0.0.4 |
IBM Security Key Lifecycle Manager| 3.0.1 - 3.0.1.5
IBM Security Key Lifecycle Manager| 4.0 - 4.0.0.3
IBM Security Guardium Key Lifecycle Manager
| 4.1.0 - 4.1.0.1
IBM Security Guardium Key Lifecycle Manager| 4.1.1
It is fixed in 4.1.1 - Fix Pack 1
None