Information Disclosure Vulnerability in IBM Tivoli Key Lifecycle Manager by IBM
CVE-2021-38980

2.7LOW

Key Information:

Vendor: IBM
Status: Security Key Lifecycle Manager
Vendor: CVE Published:; 23 November 2021

What is CVE-2021-38980?

An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 due to improper handling of error messages. Attackers exploiting this flaw could retrieve sensitive information presented in detailed technical error messages displayed in web browsers. This exposed information may facilitate further unauthorized attacks on the system. For more information, refer to IBM's official resources and the X-Force ID: 212786.

Affected Version(s)

Security Key Lifecycle Manager 3.0

Security Key Lifecycle Manager 3.0.1

Security Key Lifecycle Manager 4.0

References

https://www.ibm.com/support/pages/node/6518326

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/212786

vdb-entryx_refsource_XF

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2021
Vulnerability Reserved
Aug 16, 2021