IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Scripting (CVE-2017-1673)

IBM Security Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2017-1673

Affected product(s) and affected version(s):

IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.8

IBM Security Key Lifecycle Manager v2.6 – 2.6.0.3

IBM Security Key Lifecycle Manager: v2.7 – 2.7.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2qfjRlm
X-Force Database: http://ift.tt/2lNwOhy

The post IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Scripting (CVE-2017-1673) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2E26Jlr