Page 2 of 26 results (0.016 seconds)

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga secuencias "punto punto" (/../) para visualizar archivos arbitrarios en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22011967 http://www.securityfocus.com/bid/102487 https://exchange.xforce.ibmcloud.com/vulnerabilities/133638 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540. Las versiones 2.5, 2.6 y 2.7 de IBM Tivoli Key Lifecycle Manager son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22011970 http://www.securityfocus.com/bid/102434 https://exchange.xforce.ibmcloud.com/vulnerabilities/133560 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 133559. • http://www.ibm.com/support/docview.wss?uid=swg22012023 https://exchange.xforce.ibmcloud.com/vulnerabilities/133559 https://www.debian.org/security/2018/dsa-4262 • CWE-326: Inadequate Encryption Strength •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 almacena información sensible en parámetros URL. Esto podría llevar a una divulgación de información si partes no autorizadas tienen acceso a las URL mediante registros del servidor, cabeceras referrer o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg21997955 http://www.securityfocus.com/bid/102468 https://exchange.xforce.ibmcloud.com/vulnerabilities/133636 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 revela información sensible en mensajes de error que podría ayudar a un atacante en futuros ataques contra el sistema. IBM X-Force ID: 134869. • http://www.ibm.com/support/docview.wss?uid=swg22012012 http://www.securityfocus.com/bid/102432 https://exchange.xforce.ibmcloud.com/vulnerabilities/134869 • CWE-532: Insertion of Sensitive Information into Log File •