cpe:/a:ibm:security_key_lifecycle_manager:2.5.0 cpe:/a:ibm:security_key_lifecycle_manager:2.5.0.1 cpe:/a:ibm:security_key_lifecycle_manager:2.5.0.2 cpe:/a:ibm:security_key_lifecycle_manager:2.5.0.3 cpe:/a:ibm:security_key_lifecycle_manager:2.5.0.4 cpe:/a:ibm:security_key_lifecycle_manager:2.5.0.5 cpe:/a:ibm:security_key_lifecycle_manager:2.5.0.6 cpe:/a:ibm:security_key_lifecycle_manager:2.5.0.7 cpe:/a:ibm:security_key_lifecycle_manager:2.5.0.8 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0.1 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0.2 cpe:/a:ibm:security_key_lifecycle_manager:2.6.0.3 cpe:/a:ibm:security_key_lifecycle_manager:2.7.0 cpe:/a:ibm:security_key_lifecycle_manager:2.7.0.1 cpe:/a:ibm:security_key_lifecycle_manager:2.7.0.2 CVE-2017-1666 2018-01-09T15:29:00.317-05:00 2018-01-31T11:12:41.783-05:00 5.5 NETWORK LOW SINGLE_INSTANCE PARTIAL NONE PARTIAL http://nvd.nist.gov 2018-01-23T15:39:10.590-05:00 BID 102434 CONFIRM http://www.ibm.com/support/docview.wss?uid=swg22011970 MISC https://exchange.xforce.ibmcloud.com/vulnerabilities/133560 IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540.