CVE-2021-38980

Summary

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786.

Affected Software

VendorProductVersion RangeStatus
IBMSecurity Key Lifecycle Manager3.0affected
IBMSecurity Key Lifecycle Manager3.0.1affected
IBMSecurity Key Lifecycle Manager4.0affected
IBMSecurity Key Lifecycle Manager3.0.0.4affected
IBMSecurity Key Lifecycle Manager3.0.1.5affected
IBMSecurity Key Lifecycle Manager4.0.0.3affected
IBMSecurity Key Lifecycle Manager4.1.0.1affected
IBMSecurity Key Lifecycle Manager4.1.1affected
IBMSecurity Key Lifecycle Manager4.1.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References