IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by exposure of sensitive information stored in URL parameters (CVE-2017-1669)

IBM Security Key Lifecycle Manager stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the Referer header, or browser history. The latest fixpack listed below addresses this issue.

CVE(s): CVE-2017-1669

Affected product(s) and affected version(s):

IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.8

IBM Security Key Lifecycle Manager: v2.6 – 2.6.0.3

IBM Security Key Lifecycle Manager: v2.7 – 2.7.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2qfJPFf
X-Force Database: http://ift.tt/2lP7ojl

The post IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by exposure of sensitive information stored in URL parameters (CVE-2017-1669) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2E0axUc