CVE-2021-38985
Summary
| CVE | CVE-2021-38985 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-12 16:15:00 UTC |
| Updated | 2021-11-16 16:18:00 UTC |
| Description | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Security Guardium Key Lifecycle Manager | 4.1.1 | All | All | All |
| Application | Ibm | Security Guardium Key Lifecycle Manager | All | All | All | All |
| Application | Ibm | Security Key Lifecycle Manager | All | All | All | All |
| Application | Ibm | Security Key Lifecycle Manager | All | All | All | All |
| Application | Ibm | Security Key Lifecycle Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Security Bulletin: Hazardous input validation in IBM Security Guardium Key Lifecycle Manager (CVE-2021-38985) | CONFIRM | www.ibm.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.