CVE-2021-38976
First published: Thu Nov 11 2021(Updated: )
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Security Key Lifecycle Manager | <=3.0 - 3.0.0.4 | |
| Ibm Security Key Lifecycle Manager | <=3.0.1 - 3.0.1.5 | |
| Ibm Security Key Lifecycle Manager | <=4.0 - 4.0.0.3 | |
| IBM Security Guardium Key Lifecycle Manager | <=4.1.0 - 4.1.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | <=4.1.1 | |
| IBM Security Guardium Key Lifecycle Manager | =4.1.0 | |
| IBM Security Guardium Key Lifecycle Manager | =4.1.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | =4.1.1 | |
| Ibm Security Key Lifecycle Manager | >=3.0<=3.0.0.4 | |
| Ibm Security Key Lifecycle Manager | >=3.0.1<=3.0.1.5 | |
| Ibm Security Key Lifecycle Manager | >=4.0<=4.0.0.3 | |
| Ibm Security Key Lifecycle Manager | =4.1.0 | |
| Ibm Security Key Lifecycle Manager | =4.1.0.1 | |
| Ibm Security Key Lifecycle Manager | =4.1.1 | |
| IBM AIX | ||
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the IBM Tivoli Key Lifecycle Manager vulnerability?
The vulnerability ID for the IBM Tivoli Key Lifecycle Manager vulnerability is CVE-2021-38976.
What is the severity level of CVE-2021-38976?
The severity level of CVE-2021-38976 is medium (6.2).
Which software versions are affected by CVE-2021-38976?
IBM Tivoli Key Lifecycle Manager versions 3.0 - 3.0.0.4, 3.0.1 - 3.0.1.5, 4.0 - 4.0.0.3, 4.1.0 - 4.1.0.1, and 4.1.1 are affected by CVE-2021-38976.
How can a local user read user credentials in plain text due to this vulnerability?
A local user can read user credentials in plain text due to this vulnerability by accessing the stored credentials in IBM Tivoli Key Lifecycle Manager.
Where can I find more information about CVE-2021-38976?
You can find more information about CVE-2021-38976 at the following links: [IBM X-Force ID: 212781](https://exchange.xforce.ibmcloud.com/vulnerabilities/212781) and [IBM Support Page](https://www.ibm.com/support/pages/node/6516038).
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/trending
- vendor/ibm
- canonical/ibm security guardium key lifecycle manager
- version/ibm security guardium key lifecycle manager/4.1.0
- version/ibm security guardium key lifecycle manager/4.1.0.1
- version/ibm security guardium key lifecycle manager/4.1.1
- canonical/ibm security key lifecycle manager
- version/ibm security key lifecycle manager/3.0
- version/ibm security key lifecycle manager/3.0.0.4
- version/ibm security key lifecycle manager/3.0.1
- version/ibm security key lifecycle manager/3.0.1.5
- version/ibm security key lifecycle manager/4.0
- version/ibm security key lifecycle manager/4.0.0.3
- version/ibm security key lifecycle manager/4.1.0
- version/ibm security key lifecycle manager/4.1.0.1
- version/ibm security key lifecycle manager/4.1.1
- canonical/ibm aix
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- version/ibm security key lifecycle manager/3.0 - 3.0.0.4
- version/ibm security key lifecycle manager/3.0.1 - 3.0.1.5
- version/ibm security key lifecycle manager/4.0 - 4.0.0.3
- version/ibm security guardium key lifecycle manager/4.1.0 - 4.1.0.1