CVE-2018-1743Sensitive Information Exposure in IBM Security KEY Lifecycle Manager

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 65.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security KEY Lifecycle Manager
Timeline
PublishedOct 8
Latest updateMay 13

Description

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDibm/security_key_lifecycle_manager2.6.02.6.0.4+2
CVEListV5ibm/security_key_lifecycle_manager2.6, 2.7, 3.0+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-m295-5j7h-r792: IBM Tivoli Key Lifecycle Manager 22022-05-13
CVEList
CVE-2018-1743: IBM Tivoli Key Lifecycle Manager 22018-10-08

💬Community

1
Bugzilla
CVE-2018-5950 mailman: Cross-site scripting (XSS) vulnerability in web UI2018-01-24
CVE-2018-1743 — Sensitive Information Exposure in IBM | cvebase