Description
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 212783.
CVSS breakdown
CVSS 3.0
- User Interaction: None
- Confidentiality: High
- Attack Vector: Network
- Availability: None
- Scope: Unchanged
- Integrity: None
- Privileges Required: None
- Attack Complexity: High
- RL: O
- RC: Changed
- E: Unchanged
Affected products
- ibm / Security Key Lifecycle Manager 3.0 – 3.0
- ibm / Security Key Lifecycle Manager 3.0.1 – 3.0.1
- ibm / Security Key Lifecycle Manager 4.0 – 4.0
- ibm / Security Key Lifecycle Manager 3.0.0.4 – 3.0.0.4
- ibm / Security Key Lifecycle Manager 3.0.1.5 – 3.0.1.5
- ibm / Security Key Lifecycle Manager 4.0.0.3 – 4.0.0.3
- ibm / Security Key Lifecycle Manager 4.1 – 4.1
- ibm / Security Key Lifecycle Manager 4.1.0.1 – 4.1.0.1
- ibm / Security Key Lifecycle Manager 4.1.1 – 4.1.1