CVE-2017-1670

high-risk

Published 2018-01-09

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.

Do I need to act?

-

0.68% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (16)

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Security Key Lifecycle Manager

Affected Vendors

Ibm

References (6)

Patch http://www.ibm.com/support/docview.wss?uid=swg22012009

Third Party Advisory http://www.securityfocus.com/bid/102429

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/133637

Patch http://www.ibm.com/support/docview.wss?uid=swg22012009

Third Party Advisory http://www.securityfocus.com/bid/102429

VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/133637

52

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 18/34 · Moderate