Vulnerability Details CVE-2016-6104
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.0%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2016-6104
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1
-
cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2