Description
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.
CVSS breakdown
CVSS 3.0
User Interaction
None
Attack Vector
Local
Confidentiality
High
Scope
Unchanged
Integrity
None
Availability
None
Privileges Required
None
Attack Complexity
Low
RL
O
RC
Changed
E
Unchanged
Affected products
- ibm / Security Key Lifecycle Manager3.0 – 3.0
- ibm / Security Key Lifecycle Manager3.0.1 – 3.0.1
- ibm / Security Key Lifecycle Manager4.0 – 4.0
- ibm / Security Key Lifecycle Manager3.0.0.4 – 3.0.0.4
- ibm / Security Key Lifecycle Manager3.0.1.5 – 3.0.1.5
- ibm / Security Key Lifecycle Manager4.0.0.3 – 4.0.0.3
- ibm / Security Key Lifecycle Manager4.1 – 4.1
- ibm / Security Key Lifecycle Manager4.1.0.1 – 4.1.0.1
- ibm / Security Key Lifecycle Manager4.1.1 – 4.1.1