CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1673
https://notcve.org/view.php?id=CVE-2017-1673
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 es vulnerable a ataques Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012015 http://www.securityfocus.com/bid/102436 https://exchange.xforce.ibmcloud.com/vulnerabilities/133640 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2017-1727
https://notcve.org/view.php?id=CVE-2017-1727
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 revela información sensible en mensajes de error que podría ayudar a un atacante en futuros ataques contra el sistema. IBM X-Force ID: 134869. • http://www.ibm.com/support/docview.wss?uid=swg22012012 http://www.securityfocus.com/bid/102432 https://exchange.xforce.ibmcloud.com/vulnerabilities/134869 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1664
https://notcve.org/view.php?id=CVE-2017-1664
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 133557. • http://www.ibm.com/support/docview.wss?uid=swg22012027 http://www.securityfocus.com/bid/102470 https://exchange.xforce.ibmcloud.com/vulnerabilities/133557 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1665
https://notcve.org/view.php?id=CVE-2017-1665
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 133559. • http://www.ibm.com/support/docview.wss?uid=swg22012023 https://exchange.xforce.ibmcloud.com/vulnerabilities/133559 https://www.debian.org/security/2018/dsa-4262 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2017-1669
https://notcve.org/view.php?id=CVE-2017-1669
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 almacena información sensible en parámetros URL. Esto podría llevar a una divulgación de información si partes no autorizadas tienen acceso a las URL mediante registros del servidor, cabeceras referrer o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg21997955 http://www.securityfocus.com/bid/102468 https://exchange.xforce.ibmcloud.com/vulnerabilities/133636 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •