CVE-2017-1727 : IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive informati

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

Published 2018-01-04 17:29:01

Updated 2018-01-12 20:14:33

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2017-1727

IBM » Security Key Lifecycle Manager » Version: 2.5.0.7
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.5.0.6
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.5.0.5
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.6.0.1
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.5.0.0
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.5.0.3
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.5.0.1
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.5.0.4
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.5.0.2
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.6.0.2
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.6.0
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.5.0.8
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.8:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.6.0.3
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.7.0
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.7.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.7.0.1
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.7.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Security Key Lifecycle Manager » Version: 2.7.0.2
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.7.0.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-1727

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-1727

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2017-1727

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-1727

https://exchange.xforce.ibmcloud.com/vulnerabilities/134869

IBM Tivoli Key Lifecycle Manager information disclosure CVE-2017-1727 Vulnerability Report
VDB Entry;Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22012012

IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Application Error (CVE-2017-1727)
Vendor Advisory
http://www.securityfocus.com/bid/102432

IBM Security Key Lifecycle Manager CVE-2017-1727 Information Disclosure Vulnerability
Issue Tracking;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-1727

Products affected by CVE-2017-1727

Exploit prediction scoring system (EPSS) score for CVE-2017-1727

CVSS scores for CVE-2017-1727

CWE ids for CVE-2017-1727

References for CVE-2017-1727