IBM Tivoli Key Lifecycle Manager Cross-Site Request Forgery (CVE-2017-1672)

A vulnerability exists in ibm security key lifecycle manager. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Request Forgery (CVE-2017-1672)

Summary IBM Security Key Lifecycle Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Vulnerability Details CVEID: CVE-2017-1672 DESCRIPTION: IBM Tivoli Key Lifecycle...

CVE-2017-1672

CVE-2017-1672 affects IBM Security Key Lifecycle Manager (Tivoli) 2.6 (2.6.0.3 fix) and 2.7 (2.7.0.2 fix), with CSRF permitting unauthorized actions from trusted users. Root cause: cross-site request forgery in the web interface. CVSSv3 base score 8.8 (HIGH) per NVD, vector CVSS:3.0/AV:N/AC:L/PR:...

CVE-2017-1672

IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639...