CVE-2018-1749

EUVD-2018-12328
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
ibmsecurity_key_lifecycle_manager
2.6.0 ≤
𝑥
≤ 2.6.0.4
ibmsecurity_key_lifecycle_manager
2.7.0 ≤
𝑥
≤ 2.7.0.3
ibmsecurity_key_lifecycle_manager
3.0 ≤
𝑥
≤ 3.0.0.1
𝑥
= Vulnerable software versions
References
http://www.ibm.com/support/docview.wss?uid=ibm10733303
https://exchange.xforce.ibmcloud.com/vulnerabilities/148484
http://www.ibm.com/support/docview.wss?uid=ibm10733303
https://exchange.xforce.ibmcloud.com/vulnerabilities/148484