IBM265A54C6ECEFA6148A4FA32AE704B5C4860484B74A1B4EF67D65ECD5610BA927Security Bulletin: IBM Security Key Lifecycle Manager is affected by exposure of sensitive information to be cached by browser (CVE-2016-6097)
EPSS
Percentile
21.1%
Summary
IBM Security Key Lifecycle Manager allows web pages containing sensitive information to be cached by a browser. As a result this information will be stored unsafely for an indefinite amount of time on the user’s hard drive. Attackers with local access or malware installed on the user’s computer can access the sensitive data.
Vulnerability Details
CVEID: CVE-2016-6097**
DESCRIPTION:** IBM Tivoli Key Lifecycle Manager allows web pages to be stored locally which can be read by another user on the system.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118253 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
IBM Tivoli Key Lifecycle Manager: v2.0.1 - 2.0.1.8
IBM Security Key Lifecycle Manager: v2.5 - 2.5.0.7
IBM Security Key Lifecycle Manager v2.6 - 2.6.0.2
Remediation/Fixes
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Tivoli Key Lifecycle Manager| 2.0.1 - 2.0.1.8| 2.0.1-ISS-TKLM-FP0009
IBM Security Key Lifecycle Manager| 2.5 - 2.5.0.7| 2.5.0-ISS-SKLM-FP0008
IBM Security Key Lifecycle Manager| 2.6- 2.6.0.2| 2.6.0-ISS-SKLM-FP0003
Workarounds and Mitigations
None
Related
EPSS
Percentile
21.1%