Description
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
Affected products
- IBM Corporation / Key Lifecycle Manager2.5 – 2.5
- IBM Corporation / Key Lifecycle Manager1.0 – 1.0
- IBM Corporation / Key Lifecycle Manager2.0 – 2.0
- IBM Corporation / Key Lifecycle Manager2.0.1 – 2.0.1
- IBM Corporation / Key Lifecycle Manager2.6 – 2.6