CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-38972
https://notcve.org/view.php?id=CVE-2021-38972
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. IBM Tivoli Key Lifecycle Manager versiones 3.0, 3.0.1, 4.0 y 4.1, recibe entradas o datos, pero no comprueba o comprueba incorrectamente que la entrada presenta las propiedades necesarias para procesar los datos de forma segura y correcta • https://exchange.xforce.ibmcloud.com/vulnerabilities/212775 https://www.ibm.com/support/pages/node/6515530 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4846
https://notcve.org/view.php?id=CVE-2020-4846
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290. IBM Security Key Lifecycle Manager versiones 3.0.1 y 4.0, podrían permitir a un atacante remoto obtener información confidencial cuando un mensaje de error técnico detallado es devuelto en el navegador. Esta información podría ser usada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190290 https://www.ibm.com/support/pages/node/6253781 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4845
https://notcve.org/view.php?id=CVE-2020-4845
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190289. IBM Security Key Lifecycle Manager versiones 3.0.1 y 4.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190289 https://www.ibm.com/support/pages/node/6253781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4568
https://notcve.org/view.php?id=CVE-2020-4568
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157. IBM Tivoli Key Lifecycle Manager versiones 3.0, 3.0.1 y 4.0, almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leído por un usuario local. ID de IBM X-Force: 184157 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184157 https://www.ibm.com/support/pages/node/6365305 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4574
https://notcve.org/view.php?id=CVE-2020-4574
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 184181. IBM Tivoli Key Lifecycle Manager, no requiere que los usuarios deban tener contraseñas seguras por defecto, lo que facilita a atacantes comprometer cuentas de usuario. IBM X-Force ID: 184181 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184181 https://www.ibm.com/support/pages/node/6253781 • CWE-521: Weak Password Requirements •