What is CVE-2021-38980?

CVE-2021-38980 is a vulnerability in IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) that allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

Which versions of IBM Tivoli Key Lifecycle Manager are affected by CVE-2021-38980?

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) versions 3.0, 3.0.1, 4.0, and 4.1 are affected by CVE-2021-38980.

What is the severity of CVE-2021-38980?

CVE-2021-38980 has a severity rating of 5.3 (Medium).

How can a remote attacker exploit CVE-2021-38980?

A remote attacker can exploit CVE-2021-38980 by making a request to the vulnerable system and analyzing the detailed technical error message returned in the browser to obtain sensitive information.

Are IBM AIX, Linux kernel, and Microsoft Windows affected by CVE-2021-38980?

No, IBM AIX, Linux kernel, and Microsoft Windows are not affected by CVE-2021-38980.

Vulnerability/
CVE-2021-38980

medium

5.3

CWE

209

12/11/2021

31/1/2022

CVE-2021-38980

First published: Fri Nov 12 2021(Updated: )

IBM Tivoli Key Lifecycle Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Guardium Key Lifecycle Manager	<=4.1.0 - 4.1.0.1
IBM Security Guardium Key Lifecycle Manager	<=4.1.1
IBM Security Guardium Key Lifecycle Manager	>=4.1.0<=4.1.0.1
IBM Security Guardium Key Lifecycle Manager	=4.1.1
Ibm Security Key Lifecycle Manager	>=3.0<=3.0.0.4
Ibm Security Key Lifecycle Manager	>=3.0.1<=3.0.1.5
Ibm Security Key Lifecycle Manager	>=4.0<=4.0.0.3
IBM AIX
Linux Linux kernel
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6518326

Frequently Asked Questions

What is CVE-2021-38980?
CVE-2021-38980 is a vulnerability in IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) that allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
Which versions of IBM Tivoli Key Lifecycle Manager are affected by CVE-2021-38980?
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) versions 3.0, 3.0.1, 4.0, and 4.1 are affected by CVE-2021-38980.
What is the severity of CVE-2021-38980?
CVE-2021-38980 has a severity rating of 5.3 (Medium).
How can a remote attacker exploit CVE-2021-38980?
A remote attacker can exploit CVE-2021-38980 by making a request to the vulnerable system and analyzing the detailed technical error message returned in the browser to obtain sensitive information.
Are IBM AIX, Linux kernel, and Microsoft Windows affected by CVE-2021-38980?
No, IBM AIX, Linux kernel, and Microsoft Windows are not affected by CVE-2021-38980.

collector/ibm-support
collector/nvd-index
agent/author
agent/severity
agent/weakness
agent/references
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/tags
vendor/ibm
canonical/ibm security guardium key lifecycle manager
version/ibm security guardium key lifecycle manager/4.1.0 - 4.1.0.1
version/ibm security guardium key lifecycle manager/4.1.1
version/ibm security guardium key lifecycle manager/4.1.0
version/ibm security guardium key lifecycle manager/4.1.0.1
canonical/ibm security key lifecycle manager
version/ibm security key lifecycle manager/3.0
version/ibm security key lifecycle manager/3.0.0.4
version/ibm security key lifecycle manager/3.0.1
version/ibm security key lifecycle manager/3.0.1.5
version/ibm security key lifecycle manager/4.0
version/ibm security key lifecycle manager/4.0.0.3
canonical/ibm aix
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows