SymmetricalDataSecurity: IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by incorrect permission assignment for critical resource (CVE-2016-6098)

Thursday, February 2, 2017

IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by incorrect permission assignment for critical resource (CVE-2016-6098)

IBM Security Key Lifecycle Manager specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM Security Key Lifecycle Manager addresses this vulnerability with the following CVE-2016-6098

CVE(s): CVE-2016-6098

Affected product(s) and affected version(s):

IBM Tivoli Key Lifecycle Manager v2.0.1- 2.0.1.8

IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.7

IBM Security Key Lifecycle Manager v2.6 – 2.6.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2kw3ImQ
X-Force Database: http://ift.tt/2l0lNXr

from IBM Product Security Incident Response Team http://ift.tt/2kwgm5s

SymmetricalDataSecurity

Thursday, February 2, 2017

IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by incorrect permission assignment for critical resource (CVE-2016-6098)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews