CVE-2017-1669: Infoleak
First published: Thu Jan 04 2018(Updated: )
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Key Lifecycle Manager | =2.5.0.0 | |
| IBM Security Key Lifecycle Manager | =2.5.0.1 | |
| IBM Security Key Lifecycle Manager | =2.5.0.2 | |
| IBM Security Key Lifecycle Manager | =2.5.0.3 | |
| IBM Security Key Lifecycle Manager | =2.5.0.4 | |
| IBM Security Key Lifecycle Manager | =2.5.0.5 | |
| IBM Security Key Lifecycle Manager | =2.5.0.6 | |
| IBM Security Key Lifecycle Manager | =2.5.0.7 | |
| IBM Security Key Lifecycle Manager | =2.5.0.8 | |
| IBM Security Key Lifecycle Manager | =2.6.0 | |
| IBM Security Key Lifecycle Manager | =2.6.0.1 | |
| IBM Security Key Lifecycle Manager | =2.6.0.2 | |
| IBM Security Key Lifecycle Manager | =2.6.0.3 | |
| IBM Security Key Lifecycle Manager | =2.7.0 | |
| IBM Security Key Lifecycle Manager | =2.7.0.1 | |
| IBM Security Key Lifecycle Manager | =2.7.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1669?
CVE-2017-1669 is classified as a medium severity vulnerability due to potential information disclosure.
How do I fix CVE-2017-1669?
To fix CVE-2017-1669, ensure you configure your IBM Tivoli Key Lifecycle Manager to avoid exposing sensitive information through URL parameters.
What are the affected versions of IBM Tivoli Key Lifecycle Manager for CVE-2017-1669?
The affected versions for CVE-2017-1669 are IBM Tivoli Key Lifecycle Manager versions 2.5 to 2.7.
What type of data is at risk in CVE-2017-1669?
CVE-2017-1669 risks sensitive information exposure stored in URL parameters.
Can exploitation of CVE-2017-1669 be mitigated?
Mitigation of CVE-2017-1669 can be achieved by ensuring proper access controls and sanitizing URL parameters.
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm security key lifecycle manager
- version/ibm security key lifecycle manager/2.5.0.0
- version/ibm security key lifecycle manager/2.5.0.1
- version/ibm security key lifecycle manager/2.5.0.2
- version/ibm security key lifecycle manager/2.5.0.3
- version/ibm security key lifecycle manager/2.5.0.4
- version/ibm security key lifecycle manager/2.5.0.5
- version/ibm security key lifecycle manager/2.5.0.6
- version/ibm security key lifecycle manager/2.5.0.7
- version/ibm security key lifecycle manager/2.5.0.8
- version/ibm security key lifecycle manager/2.6.0
- version/ibm security key lifecycle manager/2.6.0.1
- version/ibm security key lifecycle manager/2.6.0.2
- version/ibm security key lifecycle manager/2.6.0.3
- version/ibm security key lifecycle manager/2.7.0
- version/ibm security key lifecycle manager/2.7.0.1
- version/ibm security key lifecycle manager/2.7.0.2