IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by malicious actions from a trusted user i.e. Cross-Site Request Forgery (CVE-2016-6103 )

IBM Security Key Lifecycle Manager could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVE(s): CVE-2016-6103

Affected product(s) and affected version(s):

IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.7

IBM Security Key Lifecycle Manager v2.6 – 2.6.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jXfQwq
X-Force Database: http://ift.tt/2kVARFB

from IBM Product Security Incident Response Team http://ift.tt/2jXeRN4