Lucene search
IBMF2855B0304D88D8486FF4209401E5FE53C3926876532A8A35A52A5E436D712B4HistoryNov 12, 2021 - 6:34 a.m.
Security Bulletin: Missing http strict transport security header in in IBM Security Guardium Key Lifecycle Manager (CVE-2021-38978)
2021-11-1206:34:30
www.ibm.com
6
0.002 Low
EPSS
Percentile
54.6%
Summary
Missing http strict transport security header in in IBM Security Guardium Key Lifecycle Manager (CVE-2021-38978).
Vulnerability Details
CVEID:CVE-2021-38978
**DESCRIPTION:**IBM Tivoli Key Lifecycle Manager could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212783 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Affected Version(s) |
|---|---|
| IBM Security Key Lifecycle Manager | 3.0 - 3.0.0.4 |
| IBM Security Key Lifecycle Manager | 3.0.1 - 3.0.1.5 |
| IBM Security Key Lifecycle Manager | 4.0 - 4.0.0.3 |
| IBM Security Guardium Key Lifecycle Manager | 4.1.0 - 4.1.0.1 |
| IBM Security Guardium Key Lifecycle Manager | 4.1.1 |
Remediation/Fixes
It is fixed in 4.1.1 - Fix Pack 1
Workarounds and Mitigations
None
Related
cve
cve
CVE-2021-38978
2021-11-15 16:15:09
cnvd
cnvd
cvelist
cvelist
CVE-2021-38978
2021-11-12 00:00:00
prion
prion
Design/Logic Flaw
2021-11-15 16:15:00
nvd
nvd
CVE-2021-38978
2021-11-15 16:15:09
0.002 Low
EPSS
Percentile
54.6%
Related for F2855B0304D88D8486FF4209401E5FE53C3926876532A8A35A52A5E436D712B4