CVE-2017-1664Inadequate Encryption Strength in IBM Security KEY Lifecycle Manager

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 66.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security KEY Lifecycle Manager
Timeline
PublishedJan 4
Latest updateMay 14

Description

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/security_key_lifecycle_manager2.5, 2.6, 2.7+2

🔴Vulnerability Details

2
GHSA
GHSA-877x-wh4j-h3gm: IBM Tivoli Key Lifecycle Manager 22022-05-14
CVEList
CVE-2017-1664: IBM Tivoli Key Lifecycle Manager 22018-01-04
CVE-2017-1664 — Inadequate Encryption Strength in IBM | cvebase