CVE-2018-1743
https://notcve.org/view.php?id=CVE-2018-1743
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422.
• http://www.ibm.com/support/docview.wss?uid=ibm10733351
• https://exchange.xforce.ibmcloud.com/vulnerabilities/148422
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0872
https://notcve.org/view.php?id=CVE-2014-0872
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90988
• https://www.ibm.com/blogs/psirt/ibm-security-bulletin-unencrypted-credentials-stored-on-ibm-security-key-lifecycle-manager-server-cve-2014-0872
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-255: Credentials Management Errors
CVE-2017-1668
https://notcve.org/view.php?id=CVE-2017-1668
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562.
• http://www.ibm.com/support/docview.wss?uid=swg22012010
• http://www.securityfocus.com/bid/102430
• https://exchange.xforce.ibmcloud.com/vulnerabilities/133562
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-1670
https://notcve.org/view.php?id=CVE-2017-1670
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637.
• http://www.ibm.com/support/docview.wss?uid=swg22012009
• http://www.securityfocus.com/bid/102429
• https://exchange.xforce.ibmcloud.com/vulnerabilities/133637
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-1671
https://notcve.org/view.php?id=CVE-2017-1671
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.
• http://www.ibm.com/support/docview.wss?uid=swg22011967
• http://www.securityfocus.com/bid/102487
• https://exchange.xforce.ibmcloud.com/vulnerabilities/133638
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')