CVE-2016-6104

Summary

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationKey Lifecycle Manager2.5affected
IBM CorporationKey Lifecycle Manager1.0affected
IBM CorporationKey Lifecycle Manager2.0affected
IBM CorporationKey Lifecycle Manager2.0.1affected
IBM CorporationKey Lifecycle Manager2.6affected

Weaknesses

  • Gain Access

ADP Enrichment

CVE Program Container

Additional References

References