
CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

12 Nov 2021 — IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. • https://exchange.xforce.ibmcloud.com/vulnerabilities/212775 • CWE-20: Improper Input Validation

CVSS: 6.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Nov 2020 — IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 184157. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184157 • CWE-522: Insufficiently Protected Credentials

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

04 Oct 2019 — IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

04 Oct 2019 — IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165136 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Sep 2019 — IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 166627. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166627 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Sep 2019 — IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165137 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Sep 2019 — IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166626 • CWE-521: Weak Password Requirements

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Jan 2019 — IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. • http://www.ibm.com/support/docview.wss?uid=ibm10791829 • CWE-326: Inadequate Encryption Strength

CVSS: 7.7 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Oct 2018 — IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148423 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Oct 2018 — IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148428 • CWE-611: Improper Restriction of XML External Entity Reference