Ibm

Security Key Lifecycle Manager

70 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-1673

  • EPSS 0.26%
  • Published 04.01.2018 17:29:00
  • Last modified 21.11.2024 03:22:12

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

5.9

CVE-2017-1664

  • EPSS 0.14%
  • Published 04.01.2018 17:29:00
  • Last modified 21.11.2024 03:22:11

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.

5.9

CVE-2017-1665

  • EPSS 0.14%
  • Published 04.01.2018 17:29:00
  • Last modified 21.11.2024 03:22:11

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

4.3

CVE-2017-1669

  • EPSS 0.22%
  • Published 04.01.2018 17:29:00
  • Last modified 21.11.2024 03:22:11

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Forc...

8.8

CVE-2017-1672

  • EPSS 0.13%
  • Published 04.01.2018 17:29:00
  • Last modified 21.11.2024 03:22:12

IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.

4.3

CVE-2017-1727

  • EPSS 0.18%
  • Published 04.01.2018 17:29:00
  • Last modified 21.11.2024 03:22:16

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

8.1

CVE-2016-6098

  • EPSS 0.14%
  • Published 08.06.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

9.8

CVE-2016-6093

  • EPSS 0.37%
  • Published 08.06.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

4.3

CVE-2016-6102

  • EPSS 0.22%
  • Published 27.03.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #:...

7.2

CVE-2016-6104

  • EPSS 3.46%
  • Published 07.02.2017 16:59:00
  • Last modified 20.04.2025 01:37:25

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.