CVE-2019-4514
- EPSS 0.28%
- Published 04.10.2019 14:15:11
- Last modified 21.11.2024 04:43:40
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.
CVE-2019-4566
- EPSS 0.05%
- Published 24.09.2019 14:15:11
- Last modified 21.11.2024 04:43:44
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 166627.
CVE-2019-4515
- EPSS 0.13%
- Published 24.09.2019 14:15:11
- Last modified 21.11.2024 04:43:41
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.
CVE-2019-4565
- EPSS 0.27%
- Published 20.09.2019 16:15:13
- Last modified 21.11.2024 04:43:44
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
CVE-2018-1751
- EPSS 0.16%
- Published 23.01.2019 15:29:00
- Last modified 21.11.2024 04:00:18
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512.
CVE-2018-1747
- EPSS 0.35%
- Published 15.10.2018 13:29:00
- Last modified 21.11.2024 04:00:17
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory res...
CVE-2018-1744
- EPSS 0.36%
- Published 15.10.2018 13:29:00
- Last modified 21.11.2024 04:00:17
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the...
CVE-2018-1745
- EPSS 0.41%
- Published 11.10.2018 12:29:00
- Last modified 21.11.2024 04:00:17
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424.
CVE-2018-1738
- EPSS 0.13%
- Published 11.10.2018 12:29:00
- Last modified 21.11.2024 04:00:17
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.
CVE-2018-1753
- EPSS 0.12%
- Published 08.10.2018 15:29:02
- Last modified 21.11.2024 04:00:18
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514.