CVE-2020-4568
First published: Fri Nov 06 2020(Updated: )
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Security Key Lifecycle Manager | =3.0 | |
| Ibm Security Key Lifecycle Manager | =3.0.1 | |
| Ibm Security Key Lifecycle Manager | =4.0 | |
| Ibm Security Key Lifecycle Manager | <=3.0.1 | |
| Ibm Security Key Lifecycle Manager | <=3.0 | |
| Ibm Security Key Lifecycle Manager | <=4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-4568?
The severity of CVE-2020-4568 is medium.
Which IBM Tivoli Key Lifecycle Manager versions are affected by CVE-2020-4568?
IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, and 4.0 are affected by CVE-2020-4568.
What is the CWE ID of CVE-2020-4568?
The CWE ID of CVE-2020-4568 is 522.
How can a local user read user credentials in clear text as described in CVE-2020-4568?
A local user can read user credentials in clear text by accessing the storage where IBM Tivoli Key Lifecycle Manager stores them.
Is there a fix available for CVE-2020-4568?
Yes, IBM has provided a security bulletin with information on how to mitigate the vulnerability.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm security key lifecycle manager
- version/ibm security key lifecycle manager/3.0
- version/ibm security key lifecycle manager/3.0.1
- version/ibm security key lifecycle manager/4.0