CVE-2016-6104

Name of the Vulnerable Software and Affected Versions IBM Tivoli Key Lifecycle Manager versions 2.5 through 2.6

Description The issue is caused by the improper validation of file extensions, allowing a remote attacker to upload arbitrary files. This could enable the attacker to execute arbitrary code on the vulnerable system.

Recommendations For versions 2.5 and 2.6, consider restricting file uploads to only necessary extensions as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.