IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.
Weakness
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Security_guardium_key_lifecycle_manager | Ibm | 4.1.0 (including) | 4.1.0.1 (including) |
| Security_guardium_key_lifecycle_manager | Ibm | 4.1.1 (including) | 4.1.1 (including) |
| Security_key_lifecycle_manager | Ibm | 3.0 (including) | 3.0.0.4 (including) |
| Security_key_lifecycle_manager | Ibm | 3.0.1 (including) | 3.0.1.5 (including) |
| Security_key_lifecycle_manager | Ibm | 4.0 (including) | 4.0.0.3 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/112.html
- https://cwe.mitre.org/data/definitions/192.html
- https://cwe.mitre.org/data/definitions/20.html