CVE-2016-6102

Name of the Vulnerable Software and Affected Versions IBM Tivoli Key Lifecycle Manager versions 2.5 through 2.6

Description The issue allows for potential information disclosure due to sensitive information being stored in URL parameters. If unauthorized parties gain access to the URLs through server logs, referrer headers, or browser history, they may obtain sensitive data.

Recommendations For versions 2.5 and 2.6, consider restricting access to server logs and referrer headers to minimize the risk of unauthorized parties accessing sensitive information. As a temporary workaround, avoid using sensitive information in URL parameters until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.