CVE-2019-4514

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.

Published : 2019-10-04 14:15 Updated : 2019-10-09 23:50

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Ibm Security Key Lifecycle Manager 2.6.0 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0
Ibm Security Key Lifecycle Manager 2.6.0.1 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0.1
Ibm Security Key Lifecycle Manager 2.6.0.2 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0.2
Ibm Security Key Lifecycle Manager 2.6.0.3 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0.3
Ibm Security Key Lifecycle Manager 2.6.0.4 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0.4
Ibm Security Key Lifecycle Manager 2.6.0.5 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0.5
Ibm Security Key Lifecycle Manager 2.7.0 cpe:/a:ibm:security_key_lifecycle_manager:2.7.0
Ibm Security Key Lifecycle Manager 2.7.0.1 cpe:/a:ibm:security_key_lifecycle_manager:2.7.0.1
Ibm Security Key Lifecycle Manager 2.7.0.2 cpe:/a:ibm:security_key_lifecycle_manager:2.7.0.2
Ibm Security Key Lifecycle Manager 2.7.0.3 cpe:/a:ibm:security_key_lifecycle_manager:2.7.0.3
Ibm Security Key Lifecycle Manager 2.7.0.4 cpe:/a:ibm:security_key_lifecycle_manager:2.7.0.4
Ibm Security Key Lifecycle Manager 3.0 cpe:/a:ibm:security_key_lifecycle_manager:3.0
Ibm Security Key Lifecycle Manager 3.0.0 cpe:/a:ibm:security_key_lifecycle_manager:3.0.0
Ibm Security Key Lifecycle Manager 3.0.0.1 cpe:/a:ibm:security_key_lifecycle_manager:3.0.0.1
Ibm Security Key Lifecycle Manager 3.0.0.2 cpe:/a:ibm:security_key_lifecycle_manager:3.0.0.2
Ibm Security Key Lifecycle Manager 3.0.1 cpe:/a:ibm:security_key_lifecycle_manager:3.0.1
Ibm Security Key Lifecycle Manager 3.0.1.1 cpe:/a:ibm:security_key_lifecycle_manager:3.0.1.1
  1. Ibm (1) Search CVE
    1. Security Key Lifecycle Manager (17) Search CVE
      1. 2.6.0
      2. 2.6.0.1
      3. 2.6.0.2
      4. 2.6.0.3
      5. 2.6.0.4
      6. 2.6.0.5
      7. 2.7.0
      8. 2.7.0.1
      9. 2.7.0.2
      10. 2.7.0.3
      11. 2.7.0.4
      12. 3.0
      13. 3.0.0
      14. 3.0.0.1
      15. 3.0.0.2
      16. 3.0.1
      17. 3.0.1.1

CWE

ID Name Description Links
CWE-863 Incorrect Authorization The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. CVE

History of changes

Date Event
2019-10-07 20:04
2019-10-04 15:15

New CVE