2 matches found
Security Bulletin: IBM Security Key Lifecycle Manager is affected by upload of files of dangerous types (CVE-2016-6104)
Summary IBM Security Lifecycle Manager allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Vulnerability Details CVEID: CVE-2016-6104 DESCRIPTION: IBM Tivoli Key Lifecycle Manager could allow a remote attacker to...
CVE-2016-6104
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.5 (2.5.0.7 fixes) and 2.6 (2.6.0.2 fixes) are affected by CVE-2016-6104. The root cause is improper validation of file extensions, allowing a remote attacker to upload arbitrary files and potentially execute cod...