CVE-2021-38983: Weak Encryption
First published: Thu Nov 11 2021(Updated: )
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Security Key Lifecycle Manager | <=3.0 - 3.0.0.4 | |
| Ibm Security Key Lifecycle Manager | <=3.0.1 - 3.0.1.5 | |
| Ibm Security Key Lifecycle Manager | <=4.0 - 4.0.0.3 | |
| IBM Security Guardium Key Lifecycle Manager | <=4.1.0 - 4.1.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | <=4.1.1 | |
| IBM Security Guardium Key Lifecycle Manager | =4.1.0 | |
| IBM Security Guardium Key Lifecycle Manager | =4.1.0.1 | |
| IBM Security Guardium Key Lifecycle Manager | =4.1.1 | |
| Ibm Security Key Lifecycle Manager | >=3.0<=3.0.0.4 | |
| Ibm Security Key Lifecycle Manager | >=3.0.1<=3.0.1.5 | |
| Ibm Security Key Lifecycle Manager | >=4.0<=4.0.0.3 | |
| Ibm Security Key Lifecycle Manager | =4.1.0 | |
| Ibm Security Key Lifecycle Manager | =4.1.0.1 | |
| Ibm Security Key Lifecycle Manager | =4.1.1 | |
| IBM AIX | ||
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-38983?
CVE-2021-38983 is a vulnerability in IBM Tivoli Key Lifecycle Manager that allows an attacker to decrypt highly sensitive information due to the use of weaker than expected cryptographic algorithms.
Which versions of IBM Tivoli Key Lifecycle Manager are affected?
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 are affected by this vulnerability.
What is the severity of CVE-2021-38983?
The severity of CVE-2021-38983 is high, with a CVSS score of 7.5.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by using weaker cryptographic algorithms to decrypt highly sensitive information.
Are there any patches or fixes available for this vulnerability?
Yes, IBM has provided patches and fixes for the affected versions of IBM Tivoli Key Lifecycle Manager to address this vulnerability. Please refer to the IBM support page for more information.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- agent/remedy
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm security guardium key lifecycle manager
- version/ibm security guardium key lifecycle manager/4.1.0
- version/ibm security guardium key lifecycle manager/4.1.0.1
- version/ibm security guardium key lifecycle manager/4.1.1
- canonical/ibm security key lifecycle manager
- version/ibm security key lifecycle manager/3.0
- version/ibm security key lifecycle manager/3.0.0.4
- version/ibm security key lifecycle manager/3.0.1
- version/ibm security key lifecycle manager/3.0.1.5
- version/ibm security key lifecycle manager/4.0
- version/ibm security key lifecycle manager/4.0.0.3
- version/ibm security key lifecycle manager/4.1.0
- version/ibm security key lifecycle manager/4.1.0.1
- version/ibm security key lifecycle manager/4.1.1
- canonical/ibm aix
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- version/ibm security key lifecycle manager/3.0 - 3.0.0.4
- version/ibm security key lifecycle manager/3.0.1 - 3.0.1.5
- version/ibm security key lifecycle manager/4.0 - 4.0.0.3
- version/ibm security guardium key lifecycle manager/4.1.0 - 4.1.0.1