IBM Security Bulletin: Security bypass vulnerability affects IBM Security Key Lifecycle Manager – Missing Authentication for Critical Function (CVE-2016-6105 )

The software does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.

CVE(s): CVE-2016-6105

Affected product(s) and affected version(s):

IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.7

IBM Security Key Lifecycle Manager v2.6 – 2.6.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jQe28G
X-Force Database: http://ift.tt/2jz4341

from IBM Product Security Incident Response Team http://ift.tt/2jQl5OI