cbcvebase.
CVE-2018-1749
published 2018-10-08

CVE-2018-1749: IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls…

medium6.5CVSS 3.0
AVNACLPRLUINSUCNIHAN
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484.

Affected

6 ranges
VendorProductVersion rangeFixed in
ibmsecurity_key_lifecycle_manager
ibmsecurity_key_lifecycle_manager
ibmsecurity_key_lifecycle_manager
ibmsecurity_key_lifecycle_manager2.6.0 – 2.6.0.4
ibmsecurity_key_lifecycle_manager2.7.0 – 2.7.0.3
ibmsecurity_key_lifecycle_manager3.0 – 3.0.0.1