Description
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Affected products
- IBM Corporation / Key Lifecycle Manager2.5 – 2.5
- IBM Corporation / Key Lifecycle Manager1.0 – 1.0
- IBM Corporation / Key Lifecycle Manager2.0 – 2.0
- IBM Corporation / Key Lifecycle Manager2.0.1 – 2.0.1
- IBM Corporation / Key Lifecycle Manager2.6 – 2.6