Medium Severity

IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Scripting (CVE-2019-4564)


IBM Security Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2017-1673, CVE-2019-4564

Affected product(s) and affected version(s):

IBM Security Key Lifecycle Manager v2.6 – 2.6.0.5 on distributed platforms
IBM Security Key Lifecycle Manager v2.7 – 2.7.0.4 on distributed platforms
IBM Security Key Lifecycle Manager (SKLM) v3.0 – v3.0.0.2 on distributed platforms
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 – v3.0.1.1 on distributed platforms

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/302001
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/166625
