CVE-2020-4568

Description

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157.

CVSS breakdown

CVSS 3.0

Privileges Required

Low

User Interaction

None

Confidentiality

High

Scope

Changed

Attack Vector

Network

Integrity

None

Availability

None

Attack Complexity

High

Unchanged

Changed

Affected products

ibm / Security Key Lifecycle Manager3.0 – 3.0
ibm / Security Key Lifecycle Manager3.0.1 – 3.0.1
ibm / Security Key Lifecycle Manager4.0 – 4.0

References

MISChttps://www.ibm.com/support/pages/node/6365305
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/184157