Information Disclosure in IBM Tivoli Key Lifecycle Manager Products
CVE-2021-38975
4.3MEDIUM
Summary
IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 are susceptible to an information disclosure vulnerability. An authenticated user may exploit this flaw through a specially crafted HTTP request, potentially allowing them to access sensitive information that should be protected. It highlights the importance of secure request handling and stringent access protocols to mitigate risks associated with unauthorized data exposure.
Affected Version(s)
Security Key Lifecycle Manager 3.0
Security Key Lifecycle Manager 3.0.1
Security Key Lifecycle Manager 4.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved