6.5

CVE-2018-1749

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSecurity Key Lifecycle Manager Version >= 2.6.0 <= 2.6.0.4
IbmSecurity Key Lifecycle Manager Version >= 2.7.0 <= 2.7.0.3
IbmSecurity Key Lifecycle Manager Version >= 3.0 <= 3.0.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.9% 0.551
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
psirt@us.ibm.com 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.ibm.com/support/docview.wss?uid=ibm10733303
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/148484
Vendor Advisory
VDB Entry