CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1665
https://notcve.org/view.php?id=CVE-2017-1665
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 133559. • http://www.ibm.com/support/docview.wss?uid=swg22012023 https://exchange.xforce.ibmcloud.com/vulnerabilities/133559 https://www.debian.org/security/2018/dsa-4262 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2017-1669
https://notcve.org/view.php?id=CVE-2017-1669
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 almacena información sensible en parámetros URL. Esto podría llevar a una divulgación de información si partes no autorizadas tienen acceso a las URL mediante registros del servidor, cabeceras referrer o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg21997955 http://www.securityfocus.com/bid/102468 https://exchange.xforce.ibmcloud.com/vulnerabilities/133636 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2016-6093
https://notcve.org/view.php?id=CVE-2016-6093
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM Tivoli Key Lifecycle Manager no requiere que los usuarios tengan contraseñas seguras por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. • http://www.ibm.com/support/docview.wss?uid=swg21997956 http://www.securityfocus.com/bid/95985 https://exchange.xforce.ibmcloud.com/vulnerabilities/118172 • CWE-255: Credentials Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 0CVE-2016-6098
https://notcve.org/view.php?id=CVE-2016-6098
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM Tivoli Key Lifecycle Manager versiones 2.0.1, 2.5 y 2.6 especifica permisos para un recurso crítico de seguridad de una manera que permite que el recurso sea leído o modificado por actores no deseados. • http://www.ibm.com/support/docview.wss?uid=swg21997958 http://www.securityfocus.com/bid/95982 https://exchange.xforce.ibmcloud.com/vulnerabilities/118254 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6102
https://notcve.org/view.php?id=CVE-2016-6102
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359. • http://www.ibm.com/support/docview.wss?uid=swg22000359 http://www.securityfocus.com/bid/96976 http://www.securitytracker.com/id/1038093 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •