CVE-2017-1665Inadequate Encryption Strength in IBM Security KEY Lifecycle Manager

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 65.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security KEY Lifecycle ManagerDebian Linux
Timeline
PublishedJan 4
Latest updateMay 14

Description

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/security_key_lifecycle_manager2.5, 2.6, 2.7+2

Also affects: Debian Linux 9.0

🔴Vulnerability Details

2
GHSA
GHSA-mfpq-74ch-r5x4: IBM Tivoli Key Lifecycle Manager 22022-05-14
CVEList
CVE-2017-1665: IBM Tivoli Key Lifecycle Manager 22018-01-04
CVE-2017-1665 — Inadequate Encryption Strength in IBM | cvebase