CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2017-1669
https://notcve.org/view.php?id=CVE-2017-1669
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 almacena información sensible en parámetros URL. Esto podría llevar a una divulgación de información si partes no autorizadas tienen acceso a las URL mediante registros del servidor, cabeceras referrer o el historial del navegador. • http://www.ibm.com/support/docview.wss?uid=swg21997955 http://www.securityfocus.com/bid/102468 https://exchange.xforce.ibmcloud.com/vulnerabilities/133636 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1672
https://notcve.org/view.php?id=CVE-2017-1672
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. IBM Tivoli Key Lifecycle Manager 2.6 y 2.7 es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web confía. IBM X-Force ID: 133639. • http://www.ibm.com/support/docview.wss?uid=swg22012019 https://exchange.xforce.ibmcloud.com/vulnerabilities/133639 • CWE-352: Cross-Site Request Forgery (CSRF) •