IBM Security Bulletin: IBM Security Key Lifecycle Manager Misses Authentication for Critical Function (CVE-2018-1745)

Oct 6, 2018 9:00 am EDT

Categorized: High Severity

Share this post:

IBM Security Key Lifecycle Manager could allow an unauthenticated user to restart the SKLM server due to missing authentication.

CVE(s): CVE-2018-1745

Affected product(s) and affected version(s):

IBM Security Key Lifecycle Manager: v2.7 – 2.7.0.3

IBM Security Key Lifecycle Manager: v3.0- 3.0.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10733355
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148424



from IBM Product Security Incident Response Team https://ift.tt/2IG8OqT