Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Apache Vulnerabilities
November 15, 2021
Rewterz
Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
November 15, 2021

Rewterz Threat Advisory – Multiple IBM Tivoli Key Lifecycle Manager improper

Severity

Medium

Analysis Summary

CVE-2021-38985: CVE-2021-38973: CVE-2021-38972

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receive input or data, but it does not validate or incorrectly validate that the input has the properties that are required to process the data safely and correctly.

Impact

  • Unauthorized Access

Affected Vendors

IBM

Affected Products

  • IBM Security Key Lifecycle Manager 3.0
  • IBM Security Key Lifecycle Manager 3.0.1
  • IBM Security Key Lifecycle Manager 4.0
  • IBM Security Key Lifecycle Manager 3.0.0.4
  • IBM Security Key Lifecycle Manager 3.0.1.5
  • IBM Security Key Lifecycle Manager 4.0.0.3
  • IBM Security Key Lifecycle Manager 4.1.0.1
  • IBM Security Key Lifecycle Manager 4.1.1
  • IBM Security Key Lifecycle Manager 4.1.0

Remediation

Refer to the appropriate IBM Security Bulletin for patch, upgrade, or suggested workaround information.

CVE-2021-38972

https://www.ibm.com/support/pages/node/6515530

CVE-2021-38973

https://www.ibm.com/support/pages/node/6515528

CVE-2021-38985

https://www.ibm.com/support/pages/node/6515526