CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6116
https://notcve.org/view.php?id=CVE-2016-6116
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 podría permitir a un atacante remoto obtener información sensible, provocado por el error al habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle. • http://www.ibm.com/support/docview.wss?uid=swg21997805 http://www.securityfocus.com/bid/95966 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6103
https://notcve.org/view.php?id=CVE-2016-6103
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 es vulnerable a la falsificación de solicitudes de sitios cruzados, lo que podría permitir a un atacante ejecutar acciones malintencionadas y no autorizadas transmitidas por un usuario en el que confía el sitio web. • http://www.ibm.com/support/docview.wss?uid=swg21997949 http://www.securityfocus.com/bid/95950 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6099
https://notcve.org/view.php?id=CVE-2016-6099
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 revela información sensible a usuarios no autorizados. La información se puede utilizar para montar ataques adicionales en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21997924 http://www.securityfocus.com/bid/95958 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6117
https://notcve.org/view.php?id=CVE-2016-6117
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 puede ser implementado con código de depuración activo que puede revelar información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21997983 http://www.securityfocus.com/bid/95905 http://www.securitytracker.com/id/1037764 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6105
https://notcve.org/view.php?id=CVE-2016-6105
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 no realiza una comprobación de autenticación para un recurso crítico o funcionalidad que permite a los usuarios anónimos acceder a áreas protegidas. • http://www.ibm.com/support/docview.wss?uid=swg21997741 http://www.securityfocus.com/bid/95904 http://www.securitytracker.com/id/1037763 • CWE-284: Improper Access Control •