IBM Security Key Lifecycle Manager Vulnerabilities

Summary

Multiple vulnerabilities identified in IBM Security Key Lifecycle Manager have been fixed in versions v4.0.0.2 and v3.0.1.5. Users should apply the latest fix packs.

Vulnerability Details

CVE-2020-4567
Description: Inadequate account lockout setting allowing a remote attacker to brute force account credentials.
CVSS Base Score: 8.6

CVE-2020-4569
Description: Protection mechanism bypassed by modifying input.
CVSS Base Score: 6.5

CVE-2020-4573
Description: Sensitive information disclosure due to unauthenticated HTTP requests.
CVSS Base Score: 5.3

CVE-2020-4574
Description: Default weak password policy.
CVSS Base Score: 7.4

CVE-2020-4572
Description: Sensitive information disclosure via detailed technical error messages.
CVSS Base Score: 5.3
IBM X-Force ID: 184179

CVE-2020-4845
Description: Cross-site scripting vulnerability.
CVSS Base Score: 5.4

CVE-2020-4846
Description: Sensitive information disclosure via detailed technical error messages.
CVSS Base Score: 2.7

Affected Products and Versions

IBM Security Key Lifecycle Manager: v4.0, v3.0.1

Remediation/Fixes

IBM Security Key Lifecycle Manager v4.0: 4.0.0-ISS-SKLM-FP0002
IBM Security Key Lifecycle Manager v3.0.1: 3.0.1-ISS-SKLM-FP0005

Workarounds and Mitigations

None