CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-38972
https://notcve.org/view.php?id=CVE-2021-38972
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. IBM Tivoli Key Lifecycle Manager versiones 3.0, 3.0.1, 4.0 y 4.1, recibe entradas o datos, pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos de forma segura y correcta • https://exchange.xforce.ibmcloud.com/vulnerabilities/212775 https://www.ibm.com/support/pages/node/6515530 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4568
https://notcve.org/view.php?id=CVE-2020-4568
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157. IBM Tivoli Key Lifecycle Manager versiones 3.0, 3.0.1 y 4.0, almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leído por un usuario local. ID de IBM X-Force: 184157 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184157 https://www.ibm.com/support/pages/node/6365305 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4564
https://notcve.org/view.php?id=CVE-2019-4564
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Key Lifecycle Manager versiones 2.6, 2.7, 3.0 y 3.0.1, es susceptible a una vulnerabilidad de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código arbitrario JavaScript en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166625 https://www.ibm.com/support/pages/node/302001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4514
https://notcve.org/view.php?id=CVE-2019-4514
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. IBM Security Key Lifecycle Manager versiones 2.6, 2.7, 3.0 y 3.0.1, divulga información confidencial a usuarios no autorizados. La información puede ser usada para montar futuros ataques en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165136 https://www.ibm.com/support/pages/node/302017 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4566
https://notcve.org/view.php?id=CVE-2019-4566
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. IBM Security Key Lifecycle Manager versiones 3.0 y 3.0.1, almacena las credenciales de usuario en texto sin cifrar que pueden ser leídas por parte de un usuario local. ID de IBM X-Force: 166627. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166627 https://www.ibm.com/support/pages/node/1074344 • CWE-312: Cleartext Storage of Sensitive Information •