CVE-2021-38980
First published: Fri Nov 12 2021(Updated: )
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Guardium Key Lifecycle Manager | <=4.1.0 - 4.1.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | <=4.1.1 | |
| IBM Security Guardium Key Lifecycle Manager | >=4.1.0<=4.1.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | =4.1.1 | |
| Ibm Security Key Lifecycle Manager | >=3.0<=3.0.0.4 | |
| Ibm Security Key Lifecycle Manager | >=3.0.1<=3.0.1.5 | |
| Ibm Security Key Lifecycle Manager | >=4.0<=4.0.0.3 | |
| IBM AIX | ||
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-38980?
CVE-2021-38980 is a vulnerability in IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) that allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
Which versions of IBM Tivoli Key Lifecycle Manager are affected by CVE-2021-38980?
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) versions 3.0, 3.0.1, 4.0, and 4.1 are affected by CVE-2021-38980.
What is the severity of CVE-2021-38980?
CVE-2021-38980 has a severity rating of 5.3 (Medium).
How can a remote attacker exploit CVE-2021-38980?
A remote attacker can exploit CVE-2021-38980 by making a request to the vulnerable system and analyzing the detailed technical error message returned in the browser to obtain sensitive information.
Are IBM AIX, Linux kernel, and Microsoft Windows affected by CVE-2021-38980?
No, IBM AIX, Linux kernel, and Microsoft Windows are not affected by CVE-2021-38980.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm security guardium key lifecycle manager
- version/ibm security guardium key lifecycle manager/4.1.0
- version/ibm security guardium key lifecycle manager/4.1.0.1
- version/ibm security guardium key lifecycle manager/4.1.1
- canonical/ibm security key lifecycle manager
- version/ibm security key lifecycle manager/3.0
- version/ibm security key lifecycle manager/3.0.0.4
- version/ibm security key lifecycle manager/3.0.1
- version/ibm security key lifecycle manager/3.0.1.5
- version/ibm security key lifecycle manager/4.0
- version/ibm security key lifecycle manager/4.0.0.3
- canonical/ibm aix
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- version/ibm security guardium key lifecycle manager/4.1.0 - 4.1.0.1