IBM Security Key Lifecycle Manager allows web pages containing sensitive information to be cached by a browser. As a result, this information will be stored unsafely for an indefinite amount of time on the user’s hard drive. Attackers with local access, or malware installed on the user’s computer, can access the sensitive data.
CVE(s): CVE-2016-6097
Affected product(s) and affected version(s):
IBM Tivoli Key Lifecycle Manager: v2.0.1 – 2.0.1.8
IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.7
IBM Security Key Lifecycle Manager: v2.6 – 2.6.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2kwd95V
X-Force Database: http://ift.tt/2l06ePs
from IBM Product Security Incident Response Team http://ift.tt/2kw59lh
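The caching weakness described above can be checked for from the response headers alone. The following is an added example, not IBM's fix or code from the bulletin: it classifies whether a browser may keep a copy of a response and flags sensitive pages that lack `no-store`. The paths, prefixes and header values are constructed for illustration.

```python
# Added example: audit response headers for on-disk browser caching.
# Paths and header values below are constructed, not taken from the product.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_exposure(headers):
    """Return 'not-stored', 'stored-revalidated' or 'stored' for one response."""
    h = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "not-stored"  # the directive that forbids a cache from storing a copy
    # no-cache / max-age=0 force revalidation, but a copy may still be stored.
    # Pragma is deliberately ignored: its meaning in responses is unspecified.
    if "no-cache" in cc or cc.get("max-age") == "0":
        return "stored-revalidated"
    return "stored"  # includes 'private': a browser cache is a private cache


def audit(responses, sensitive_prefixes):
    """List (path, exposure) for sensitive responses a browser may keep."""
    findings = []
    for path, headers in responses:
        if not path.startswith(tuple(sensitive_prefixes)):
            continue
        exposure = cache_exposure(headers)
        if exposure != "not-stored":
            findings.append((path, exposure))
    return findings


SAMPLE_RESPONSES = [  # constructed sample data
    ("/example/secure/detail", {"Cache-Control": "private, max-age=600"}),
    ("/example/secure/export", {"cache-control": "no-cache", "Pragma": "no-cache"}),
    ("/example/secure/session", {"Cache-Control": "no-cache, no-store"}),
    ("/example/secure/bare", {}),
    ("/example/static/logo.png", {"Cache-Control": "public, max-age=86400"}),
]

if __name__ == "__main__":
    for path, exposure in audit(SAMPLE_RESPONSES, ["/example/secure/"]):
        print(f"{exposure:20} {path}")
```

Only the response carrying `no-store` passes; `no-cache` and `private` on their own still leave a copy that local malware or another user of the machine could read.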