Description
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181.
CVSS breakdown
CVSS 3.0
Scope
Changed
User Interaction
Required
Privileges Required
None
Attack Vector
Network
Integrity
None
Confidentiality
High
Attack Complexity
Low
Availability
None
RC
Changed
RL
O
E
Unchanged
Affected products
- ibm / Security Key Lifecycle Manager3.0.1 – 3.0.1
- ibm / Security Key Lifecycle Manager4.0 – 4.0