CVE-2016-6104
https://notcve.org/view.php?id=CVE-2016-6104
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system.
http://www.ibm.com/support/docview.wss?uid=swg21997988
http://www.securityfocus.com/bid/95980
CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2016-6094
https://notcve.org/view.php?id=CVE-2016-6094
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.
http://www.ibm.com/support/docview.wss?uid=swg21997987
http://www.securityfocus.com/bid/95984
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6096
https://notcve.org/view.php?id=CVE-2016-6096
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
http://www.ibm.com/support/docview.wss?uid=swg21997984
http://www.securityfocus.com/bid/95983
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6097
https://notcve.org/view.php?id=CVE-2016-6097
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
http://www.ibm.com/support/docview.wss?uid=swg21997986
http://www.securityfocus.com/bid/95977
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6103
https://notcve.org/view.php?id=CVE-2016-6103
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
http://www.ibm.com/support/docview.wss?uid=swg21997949
http://www.securityfocus.com/bid/95950
CWE-352: Cross-Site Request Forgery (CSRF)