CVE-2017-1671

Summary

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.

Affected Software

VendorProductVersion RangeStatus
IBMSecurity Key Lifecycle Manager2.5affected
IBMSecurity Key Lifecycle Manager2.6affected
IBMSecurity Key Lifecycle Manager2.7affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References