CVE-2014-0872 — Sensitive Information Exposure in IBM Security KEY Lifecycle Manager

CWE-200 — Sensitive Information Exposure CWE-2553 documents3 sources

Severity

4.1MEDIUMNVD

EPSS

0.0%

top 87.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security KEY Lifecycle Manager

Timeline

PublishedApr 25

Latest updateMay 14

Description

The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/security_key_lifecycle_manager2.5.0

🔴Vulnerability Details

GHSA

GHSA-hmcr-j622-757q: The installation process in IBM Security Key Lifecycle Manager 2↗2022-05-14

▶

CVEList

CVE-2014-0872: The installation process in IBM Security Key Lifecycle Manager 2↗2018-04-25

▶