CVE-2021-38985

EUVD-2021-25422
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/C:N/S:U/A:N/UI:N/AV:N/PR:L/I:L/AC:L/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
ibmsecurity_guardium_key_lifecycle_manager
4.1.0 ≤
𝑥
≤ 4.1.0.1
ibmsecurity_guardium_key_lifecycle_manager
4.1.1
ibmsecurity_key_lifecycle_manager
3.0 ≤
𝑥
≤ 3.0.0.4
ibmsecurity_key_lifecycle_manager
3.0.1 ≤
𝑥
≤ 3.0.1.5
ibmsecurity_key_lifecycle_manager
4.0 ≤
𝑥
≤ 4.0.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/212799
https://www.ibm.com/support/pages/node/6515526
https://exchange.xforce.ibmcloud.com/vulnerabilities/212799
https://www.ibm.com/support/pages/node/6515526