IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.
2018-01-09T20:29:00.397
2024-11-21T03:22:11.857
Modified
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | security_key_lifecycle_manager | 2.5.0 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.5.0.1 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.5.0.2 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.5.0.3 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.5.0.4 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.5.0.5 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.5.0.6 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.5.0.7 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.5.0.8 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.6.0 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.6.0.1 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.6.0.2 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.6.0.3 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.7.0 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.7.0.1 | Yes |
| Application | ibm | security_key_lifecycle_manager | 2.7.0.2 | Yes |