CVE-2017-1670SQL Injection in IBM Security KEY Lifecycle Manager

CWE-89SQL Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 28.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security KEY Lifecycle Manager
Timeline
PublishedJan 9
Latest updateMay 14

Description

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/security_key_lifecycle_manager2.5, 2.6, 2.7+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-8gpr-xf5x-5gg8: IBM Tivoli Key Lifecycle Manager 22022-05-14
CVEList
CVE-2017-1670: IBM Tivoli Key Lifecycle Manager 22018-01-09
CVE-2017-1670 — SQL Injection in IBM | cvebase