CVE-2017-1668

MEDIUM

IBM Tivoli Key Lifecycle Manager <2.8 - Open Redirect

Title source: llm

Description

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102430

Vendor Advisory x_refsource_confirm

http://www.ibm.com/support/docview.wss?uid=swg22012010

VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/133562

Scores

CVSS v3 6.1

EPSS 0.0099

EPSS Percentile 58.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (16)

ibm/security_key_lifecycle_manager 2.5.0

ibm/security_key_lifecycle_manager 2.5.0.1

ibm/security_key_lifecycle_manager 2.5.0.2

ibm/security_key_lifecycle_manager 2.5.0.3

ibm/security_key_lifecycle_manager 2.5.0.4

ibm/security_key_lifecycle_manager 2.5.0.5

ibm/security_key_lifecycle_manager 2.5.0.6

ibm/security_key_lifecycle_manager 2.5.0.7

ibm/security_key_lifecycle_manager 2.5.0.8

ibm/security_key_lifecycle_manager 2.6.0

... and 6 more

Published Jan 09, 2018

Tracked Since Feb 18, 2026