Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38974 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779. | |||||
CVE-2021-38981 | 3 Ibm, Linux, Microsoft | 5 Aix, Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager and 2 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788. | |||||
CVE-2020-4568 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157. | |||||
CVE-2020-4845 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289. | |||||
CVE-2020-4846 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290. | |||||
CVE-2020-4569 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. IBM X-Force ID: 184158. | |||||
CVE-2020-4567 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 184156. | |||||
CVE-2020-4573 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180. | |||||
CVE-2020-4572 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184179. | |||||
CVE-2019-4514 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. | |||||
CVE-2019-4564 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2019-4565 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | |||||
CVE-2019-4515 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. | |||||
CVE-2019-4566 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. | |||||
CVE-2018-1745 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424. | |||||
CVE-2018-1744 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. | |||||
CVE-2018-1751 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Key Lifecycle Manager, Linux Kernel and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. | |||||
CVE-2018-1753 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514. | |||||
CVE-2018-1738 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 5.5 MEDIUM | 7.1 HIGH |
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907. | |||||
CVE-2018-1743 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422. |