Medium Severity

IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Scripting (CVE-2019-4564)

IBM Security Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2017-1673, CVE-2019-4564

Affected product(s) and affected version(s):

IBM Security Key Lifecycle Manager v2.6 – v2.6.0.5 on distributed platforms
IBM Security Key Lifecycle Manager v2.7 – v2.7.0.4 on distributed platforms
IBM Security Key Lifecycle Manager (SKLM) v3.0 – v3.0.0.2 on distributed platforms
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 – v3.0.1.1 on distributed platforms

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/302001
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/166625
