CVE-2021-38973

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
ibmCNA
2.4 LOW
NETWORK
LOW
HIGH
CVSS:3.0/UI:R/AV:N/A:N/C:N/S:U/I:L/AC:L/PR:H/RL:O/RC:C/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
ibmsecurity_guardium_key_lifecycle_manager
4.1.0 ≤
𝑥
≤ 4.1.0.1
ibmsecurity_guardium_key_lifecycle_manager
4.1.1
ibmsecurity_key_lifecycle_manager
3.0 ≤
𝑥
≤ 3.0.0.4
ibmsecurity_key_lifecycle_manager
3.0.1 ≤
𝑥
≤ 3.0.1.5
ibmsecurity_key_lifecycle_manager
4.0 ≤
𝑥
≤ 4.0.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/212778
https://www.ibm.com/support/pages/node/6515528
https://exchange.xforce.ibmcloud.com/vulnerabilities/212778
https://www.ibm.com/support/pages/node/6515528