What is CVE-2021-38982?

CVE-2021-38982 is a vulnerability in IBM Tivoli Key Lifecycle Manager that allows cross-site scripting, potentially leading to credentials disclosure.

Which versions of IBM Tivoli Key Lifecycle Manager are affected?

IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 are affected.

How can the cross-site scripting vulnerability in IBM Tivoli Key Lifecycle Manager be exploited?

The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering its intended functionality.

What is the severity of CVE-2021-38982?

The severity of CVE-2021-38982 is medium, with a CVSS score of 5.4.

Where can I find more information about CVE-2021-38982?

You can find more information about CVE-2021-38982 at the following links: - IBM X-Force Exchange: [https://exchange.xforce.ibmcloud.com/vulnerabilities/212791](https://exchange.xforce.ibmcloud.com/vulnerabilities/212791) - IBM Support Pages: [https://www.ibm.com/support/pages/node/6516042](https://www.ibm.com/support/pages/node/6516042)

Vulnerability/
CVE-2021-38982

medium

5.4

CWE

11/11/2021

16/11/2021

CVE-2021-38982: XSS

First published: Thu Nov 11 2021(Updated: )

IBM Tivoli Key Lifecycle Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Security Key Lifecycle Manager	<=3.0 - 3.0.0.4
Ibm Security Key Lifecycle Manager	<=3.0.1 - 3.0.1.5
Ibm Security Key Lifecycle Manager	<=4.0 - 4.0.0.3
IBM Security Guardium Key Lifecycle Manager	<=4.1.0 - 4.1.0.1
IBM Security Guardium Key Lifecycle Manager	<=4.1.1
IBM Security Guardium Key Lifecycle Manager	=4.1.0
IBM Security Guardium Key Lifecycle Manager	=4.1.0.1
IBM Security Guardium Key Lifecycle Manager	=4.1.1
Ibm Security Key Lifecycle Manager	>=3.0<=3.0.0.4
Ibm Security Key Lifecycle Manager	>=3.0.1<=3.0.1.5
Ibm Security Key Lifecycle Manager	>=4.0<=4.0.0.3
Ibm Security Key Lifecycle Manager	=4.1.0
Ibm Security Key Lifecycle Manager	=4.1.0.1
Ibm Security Key Lifecycle Manager	=4.1.1
IBM AIX
Linux Linux kernel
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6516042

Frequently Asked Questions

What is CVE-2021-38982?
CVE-2021-38982 is a vulnerability in IBM Tivoli Key Lifecycle Manager that allows cross-site scripting, potentially leading to credentials disclosure.
Which versions of IBM Tivoli Key Lifecycle Manager are affected?
IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 are affected.
How can the cross-site scripting vulnerability in IBM Tivoli Key Lifecycle Manager be exploited?
The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering its intended functionality.
What is the severity of CVE-2021-38982?
The severity of CVE-2021-38982 is medium, with a CVSS score of 5.4.
Where can I find more information about CVE-2021-38982?
You can find more information about CVE-2021-38982 at the following links: - IBM X-Force Exchange: [https://exchange.xforce.ibmcloud.com/vulnerabilities/212791](https://exchange.xforce.ibmcloud.com/vulnerabilities/212791) - IBM Support Pages: [https://www.ibm.com/support/pages/node/6516042](https://www.ibm.com/support/pages/node/6516042)

collector/ibm-support
collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/remedy
vendor/ibm
canonical/ibm security key lifecycle manager
version/ibm security key lifecycle manager/3.0 - 3.0.0.4
version/ibm security key lifecycle manager/3.0.1 - 3.0.1.5
version/ibm security key lifecycle manager/4.0 - 4.0.0.3
canonical/ibm security guardium key lifecycle manager
version/ibm security guardium key lifecycle manager/4.1.0 - 4.1.0.1
version/ibm security guardium key lifecycle manager/4.1.1
version/ibm security guardium key lifecycle manager/4.1.0
version/ibm security guardium key lifecycle manager/4.1.0.1
version/ibm security key lifecycle manager/3.0
version/ibm security key lifecycle manager/3.0.0.4
version/ibm security key lifecycle manager/3.0.1
version/ibm security key lifecycle manager/3.0.1.5
version/ibm security key lifecycle manager/4.0
version/ibm security key lifecycle manager/4.0.0.3
version/ibm security key lifecycle manager/4.1.0
version/ibm security key lifecycle manager/4.1.0.1
version/ibm security key lifecycle manager/4.1.1
canonical/ibm aix
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows