SymmetricalDataSecurity: IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross Site Scripting (CVE-2016-6096)

Thursday, February 2, 2017

IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross Site Scripting (CVE-2016-6096)

IBM Security Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2016-6096

Affected product(s) and affected version(s):

IBM Tivoli Key Lifecycle Manager: v2.0.1 – 2.0.1.8

IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.7

IBM Security Key Lifecycle Manager v2.6 – 2.6.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2kwlDtD
X-Force Database: http://ift.tt/2l08Jky

from IBM Product Security Incident Response Team http://ift.tt/2kwpd71

SymmetricalDataSecurity

Thursday, February 2, 2017

IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross Site Scripting (CVE-2016-6096)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews