Security Bulletin: IBM Security Key Lifecycle Manager is affected by XML External Entity Injection (XXE) attack (CVE-2017-1666)
Summary: IBM Security Key Lifecycle Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. Vulnerability Details: CVEID: CVE-2017-1666 DESCRIPTION:...
CVE-2017-1666
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.5–2.5.0.8, 2.6–2.6.0.3, and 2.7–2.7.0.2 are affected by an XML External Entity (XXE) vulnerability when processing XML data. The root cause is an XXE flaw in XML processing, allowing a remote attacker to potentia...