5.9

CVE-2021-38978

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSecurity Guardium Key Lifecycle Manager Version4.1.0
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSecurity Guardium Key Lifecycle Manager Version4.1.0.1
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSecurity Guardium Key Lifecycle Manager Version4.1.1
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSecurity Key Lifecycle Manager Version >= 3.0 <= 3.0.0.4
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSecurity Key Lifecycle Manager Version >= 3.0.1 <= 3.0.1.5
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSecurity Key Lifecycle Manager Version >= 4.0 <= 4.0.0.3
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSecurity Key Lifecycle Manager Version4.1.0
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSecurity Key Lifecycle Manager Version4.1.0.1
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSecurity Key Lifecycle Manager Version4.1.1
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.86% 0.536
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
psirt@us.ibm.com 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://exchange.xforce.ibmcloud.com/vulnerabilities/212783
Vendor Advisory
VDB Entry
https://www.ibm.com/support/pages/node/6516050
Patch
Vendor Advisory