CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2016-6094
https://notcve.org/view.php?id=CVE-2016-6094
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 genera un mensaje de error que incluye información sensible acerca de su entorno, usuarios o datos asociados. • http://www.ibm.com/support/docview.wss?uid=swg21997987 http://www.securityfocus.com/bid/95984 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6104
https://notcve.org/view.php?id=CVE-2016-6104
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 podría permitir a un atacante remoto subir archivos arbitrarios, causado por la validación incorrecta de extensiones de archivo, que podría permitir al atacante ejecutar código arbitrario en el sistema vulnerable. • http://www.ibm.com/support/docview.wss?uid=swg21997988 http://www.securityfocus.com/bid/95980 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.0EPSS: 0%CPEs: 20EXPL: 0CVE-2016-6097
https://notcve.org/view.php?id=CVE-2016-6097
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 permite que las páginas web se almacenen localmente de forma que puedan ser leídas por otro usuario en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21997986 http://www.securityfocus.com/bid/95977 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2016-6096
https://notcve.org/view.php?id=CVE-2016-6096
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21997984 http://www.securityfocus.com/bid/95983 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6095
https://notcve.org/view.php?id=CVE-2016-6095
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto forzar las credenciales de la cuenta. • http://www.ibm.com/support/docview.wss?uid=swg21997802 http://www.securityfocus.com/bid/95965 • CWE-284: Improper Access Control •