Ibm

Security Key Lifecycle Manager

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-1673

  • EPSS 0.26%
  • Veröffentlicht 04.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:22:12

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

5.9

CVE-2017-1664

  • EPSS 0.14%
  • Veröffentlicht 04.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:22:11

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.

5.9

CVE-2017-1665

  • EPSS 0.14%
  • Veröffentlicht 04.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:22:11

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

4.3

CVE-2017-1669

  • EPSS 0.22%
  • Veröffentlicht 04.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:22:11

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Forc...

8.8

CVE-2017-1672

  • EPSS 0.13%
  • Veröffentlicht 04.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:22:12

IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.

4.3

CVE-2017-1727

  • EPSS 0.18%
  • Veröffentlicht 04.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:22:16

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

8.1

CVE-2016-6098

  • EPSS 0.14%
  • Veröffentlicht 08.06.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

9.8

CVE-2016-6093

  • EPSS 0.37%
  • Veröffentlicht 08.06.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

4.3

CVE-2016-6102

  • EPSS 0.22%
  • Veröffentlicht 27.03.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #:...

7.2

CVE-2016-6104

  • EPSS 3.46%
  • Veröffentlicht 07.02.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.