IBM Security Key Lifecycle Manager has this issue where the product discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Security Key Lifecycle Manager latest fixpacks mentioned below addresses this vulnerability..
CVE(s): CVE-2016-6099
Affected product(s) and affected version(s):
IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.7
IBM Security Key Lifecycle Manager v2.6 – 2.6.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jXeRwy
X-Force Database: http://ift.tt/2kVxPkE
from IBM Product Security Incident Response Team http://ift.tt/2jXldf2
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.