CVE-2017-1671

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Key Lifecycle Manager versions 2.5 through 2.7

Description: The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing dot dot sequences (../) to view arbitrary files on the system.

Recommendations: For versions 2.5 through 2.7, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, limit the ability to send specially-crafted URL requests to the system until a fix is available.