CVE-2018-1738Improper Authentication in IBM Security KEY Lifecycle Manager

CWE-287Improper Authentication3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 67.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security KEY Lifecycle Manager
Timeline
PublishedOct 11
Latest updateMay 13

Description

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

NVDibm/security_key_lifecycle_manager2.6.02.6.0.4+2
CVEListV5ibm/security_key_lifecycle_manager2.6, 2.7, 3.0+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-mhm6-rjw7-rhjh: IBM Security Key Lifecycle Manager 22022-05-13
CVEList
CVE-2018-1738: IBM Security Key Lifecycle Manager 22018-10-11