CVE-2016-6103
https://notcve.org/view.php?id=CVE-2016-6103
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 es vulnerable a la falsificación de solicitudes de sitios cruzados, lo que podría permitir a un atacante ejecutar acciones malintencionadas y no autorizadas transmitidas por un usuario en el que confía el sitio web. • http://www.ibm.com/support/docview.wss?uid=swg21997949 http://www.securityfocus.com/bid/95950 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2016-6099
https://notcve.org/view.php?id=CVE-2016-6099
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 revela información sensible a usuarios no autorizados. La información se puede utilizar para montar ataques adicionales en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21997924 http://www.securityfocus.com/bid/95958 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6095
https://notcve.org/view.php?id=CVE-2016-6095
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto forzar las credenciales de la cuenta. • http://www.ibm.com/support/docview.wss?uid=swg21997802 http://www.securityfocus.com/bid/95965 • CWE-284: Improper Access Control •
CVE-2016-6116
https://notcve.org/view.php?id=CVE-2016-6116
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 podría permitir a un atacante remoto obtener información sensible, provocado por el error al habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle. • http://www.ibm.com/support/docview.wss?uid=swg21997805 http://www.securityfocus.com/bid/95966 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6117
https://notcve.org/view.php?id=CVE-2016-6117
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 puede ser implementado con código de depuración activo que puede revelar información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21997983 http://www.securityfocus.com/bid/95905 http://www.securitytracker.com/id/1037764 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •