CVE-2016-6102: Infoleak
First published: Mon Mar 27 2017(Updated: )
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Guardium Key Lifecycle Manager | =2.5.0 | |
| IBM Security Guardium Key Lifecycle Manager | =2.5.0.0 | |
| IBM Security Guardium Key Lifecycle Manager | =2.5.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | =2.5.0.2 | |
| IBM Security Guardium Key Lifecycle Manager | =2.5.0.3 | |
| IBM Security Guardium Key Lifecycle Manager | =2.5.0.4 | |
| IBM Security Guardium Key Lifecycle Manager | =2.5.0.5 | |
| IBM Security Guardium Key Lifecycle Manager | =2.5.0.6 | |
| IBM Security Guardium Key Lifecycle Manager | =2.5.0.7 | |
| IBM Security Guardium Key Lifecycle Manager | =2.6.0 | |
| IBM Security Guardium Key Lifecycle Manager | =2.6.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | =2.6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6102?
CVE-2016-6102 has been categorized with a medium severity due to the potential information disclosure risk.
How do I fix CVE-2016-6102?
To mitigate CVE-2016-6102, avoid including sensitive information in URL parameters and review server access logs for exposure.
What vulnerabilities does CVE-2016-6102 expose in IBM Tivoli Key Lifecycle Manager?
CVE-2016-6102 exposes a risk of information disclosure that could allow unauthorized parties to access sensitive data via URL parameters.
Which versions of IBM Tivoli Key Lifecycle Manager are affected by CVE-2016-6102?
Versions 2.5 and 2.6 of IBM Tivoli Key Lifecycle Manager are affected by CVE-2016-6102.
Who is responsible for addressing CVE-2016-6102?
It is the responsibility of organizations running affected versions of IBM Tivoli Key Lifecycle Manager to address CVE-2016-6102.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm security guardium key lifecycle manager
- version/ibm security guardium key lifecycle manager/2.5.0
- version/ibm security guardium key lifecycle manager/2.5.0.0
- version/ibm security guardium key lifecycle manager/2.5.0.1
- version/ibm security guardium key lifecycle manager/2.5.0.2
- version/ibm security guardium key lifecycle manager/2.5.0.3
- version/ibm security guardium key lifecycle manager/2.5.0.4
- version/ibm security guardium key lifecycle manager/2.5.0.5
- version/ibm security guardium key lifecycle manager/2.5.0.6
- version/ibm security guardium key lifecycle manager/2.5.0.7
- version/ibm security guardium key lifecycle manager/2.6.0
- version/ibm security guardium key lifecycle manager/2.6.0.1
- version/ibm security guardium key lifecycle manager/2.6.0.2