What is the severity of CVE-2016-6104?

The severity of CVE-2016-6104 is considered critical, as it allows remote attackers to execute arbitrary code on the vulnerable system.

How do I fix CVE-2016-6104?

To fix CVE-2016-6104, upgrade IBM Tivoli Key Lifecycle Manager to a patched version as recommended by the vendor.

Which versions of IBM Tivoli Key Lifecycle Manager are affected by CVE-2016-6104?

CVE-2016-6104 affects versions 2.5 and 2.6 of IBM Tivoli Key Lifecycle Manager.

Can CVE-2016-6104 be exploited remotely?

Yes, CVE-2016-6104 can be exploited remotely due to improper validation of file extensions.

What type of attack is possible with CVE-2016-6104?

CVE-2016-6104 allows a remote attacker to upload arbitrary files, potentially leading to arbitrary code execution.

Vulnerability/
CVE-2016-6104

high

7.2

CWE

434

7/2/2017

6/8/2024

CVE-2016-6104: Malicious File Upload

First published: Tue Feb 07 2017(Updated: )

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Key Lifecycle Manager	=2.5.0
IBM Security Key Lifecycle Manager	=2.5.0.0
IBM Security Key Lifecycle Manager	=2.5.0.1
IBM Security Key Lifecycle Manager	=2.5.0.2
IBM Security Key Lifecycle Manager	=2.5.0.3
IBM Security Key Lifecycle Manager	=2.5.0.4
IBM Security Key Lifecycle Manager	=2.5.0.5
IBM Security Key Lifecycle Manager	=2.5.0.6
IBM Security Key Lifecycle Manager	=2.5.0.7
IBM Security Key Lifecycle Manager	=2.6.0
IBM Security Key Lifecycle Manager	=2.6.0.1
IBM Security Key Lifecycle Manager	=2.6.0.2

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21997988

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6104?
The severity of CVE-2016-6104 is considered critical, as it allows remote attackers to execute arbitrary code on the vulnerable system.
How do I fix CVE-2016-6104?
To fix CVE-2016-6104, upgrade IBM Tivoli Key Lifecycle Manager to a patched version as recommended by the vendor.
Which versions of IBM Tivoli Key Lifecycle Manager are affected by CVE-2016-6104?
CVE-2016-6104 affects versions 2.5 and 2.6 of IBM Tivoli Key Lifecycle Manager.
Can CVE-2016-6104 be exploited remotely?
Yes, CVE-2016-6104 can be exploited remotely due to improper validation of file extensions.
What type of attack is possible with CVE-2016-6104?
CVE-2016-6104 allows a remote attacker to upload arbitrary files, potentially leading to arbitrary code execution.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm security key lifecycle manager
version/ibm security key lifecycle manager/2.5.0
version/ibm security key lifecycle manager/2.5.0.0
version/ibm security key lifecycle manager/2.5.0.1
version/ibm security key lifecycle manager/2.5.0.2
version/ibm security key lifecycle manager/2.5.0.3
version/ibm security key lifecycle manager/2.5.0.4
version/ibm security key lifecycle manager/2.5.0.5
version/ibm security key lifecycle manager/2.5.0.6
version/ibm security key lifecycle manager/2.5.0.7
version/ibm security key lifecycle manager/2.6.0
version/ibm security key lifecycle manager/2.6.0.1
version/ibm security key lifecycle manager/2.6.0.2