CVE-2021-38979
published 2021-11-15CVE-2021-38979: IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | security_guardium_key_lifecycle_manager | — | — |
| ibm | security_guardium_key_lifecycle_manager | — | — |
| ibm | security_guardium_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | 3.0 – 3.0.0.4 | — |
| ibm | security_key_lifecycle_manager | 3.0.1 – 3.0.1.5 | — |
| ibm | security_key_lifecycle_manager | 4.0 – 4.0.0.3 | — |