Cross site scripting

2021-11-1516:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

19.8%

JSON

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212791.

CPENameOperatorVersion
security_guardium_key_lifecycle_managereq4.1.0
security_guardium_key_lifecycle_managereq4.1.0.1
security_guardium_key_lifecycle_managereq4.1.1
security_key_lifecycle_managerge3.0
security_key_lifecycle_managerle3.0.0.4
security_key_lifecycle_managerge3.0.1
security_key_lifecycle_managerle3.0.1.5
security_key_lifecycle_managerge4.0
security_key_lifecycle_managerle4.0.0.3
security_key_lifecycle_managereq4.1.0

Name	Operator	Version
security_guardium_key_lifecycle_manager	eq	4.1.0
security_guardium_key_lifecycle_manager	eq	4.1.0.1
security_guardium_key_lifecycle_manager	eq	4.1.1
security_key_lifecycle_manager	ge	3.0
security_key_lifecycle_manager	le	3.0.0.4
security_key_lifecycle_manager	ge	3.0.1
security_key_lifecycle_manager	le	3.0.1.5
security_key_lifecycle_manager	ge	4.0
security_key_lifecycle_manager	le	4.0.0.3
security_key_lifecycle_manager	eq	4.1.0