CVE-2019-4515

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.

Published : 2019-09-24 14:15 Updated : 2019-10-09 23:50

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Ibm Security Key Lifecycle Manager 3.0.0 cpe:/a:ibm:security_key_lifecycle_manager:3.0.0
Ibm Security Key Lifecycle Manager 3.0.0.1 cpe:/a:ibm:security_key_lifecycle_manager:3.0.0.1
Ibm Security Key Lifecycle Manager 3.0.0.2 cpe:/a:ibm:security_key_lifecycle_manager:3.0.0.2
Ibm Security Key Lifecycle Manager 3.0.1 cpe:/a:ibm:security_key_lifecycle_manager:3.0.1
Ibm Security Key Lifecycle Manager 3.0.1.1 cpe:/a:ibm:security_key_lifecycle_manager:3.0.1.1
  1. Ibm (1) Search CVE
    1. Security Key Lifecycle Manager (5) Search CVE
      1. 3.0.0
      2. 3.0.0.1
      3. 3.0.0.2
      4. 3.0.1
      5. 3.0.1.1

CWE

ID Name Description Links
CWE-352 Cross-Site Request Forgery (CSRF) The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. CVE

History of changes

Date Event
2019-09-25 18:15
2019-09-24 14:23

New CVE