CVE-2018-1749 — IBM Security KEY Lifecycle Manager vulnerability

5 documents4 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.1%

top 68.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security KEY Lifecycle Manager

Timeline

PublishedOct 8

Latest updateMay 13

Description

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/security_key_lifecycle_manager2.6.0 — 2.6.0.4+2

▶CVEListV5ibm/security_key_lifecycle_manager2.6, 2.7, 3.0+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wqvj-9hcf-95cq: IBM Tivoli Key Lifecycle Manager 2↗2022-05-13

▶

CVEList

CVE-2018-1749: IBM Tivoli Key Lifecycle Manager 2↗2018-10-08

▶

💬Community

Bugzilla

CVE-2019-3885 pacemaker: Information disclosure through use-after-free↗2019-04-01

▶

Bugzilla

CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS↗2018-12-10

▶