CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4515
https://notcve.org/view.php?id=CVE-2019-4515
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. IBM Security Key Lifecycle Manager versiones 3.0 y 3.0.1, es vulnerable a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 165137. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165137 https://www.ibm.com/support/pages/node/290671 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4565
https://notcve.org/view.php?id=CVE-2019-4565
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. IBM Security Key Lifecycle Manager versiones 3.0 y 3.0.1, no requiere que los usuarios deban tener contraseñas seguras por defecto, lo que hace más fácil para los atacantes comprometer las cuentas de los usuarios. ID de IBM X-Force: 166626. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166626 https://www.ibm.com/support/pages/security-bulletin-ibm-security-key-lifecycle-manager-uses-weak-password-policy-cve-2019-4565 • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1751
https://notcve.org/view.php?id=CVE-2018-1751
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. IBM Security Key Lifecycle Manager, desde la versión 3.1 hasta la 3.0.0.2, emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 148512. • http://www.ibm.com/support/docview.wss?uid=ibm10791829 http://www.securityfocus.com/bid/106734 https://exchange.xforce.ibmcloud.com/vulnerabilities/148512 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1744
https://notcve.org/view.php?id=CVE-2018-1744
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7 y 3.0 podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga secuencias "punto punto" (/../) para visualizar archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148423 https://www.ibm.com/support/docview.wss?uid=ibm10733353 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1747
https://notcve.org/view.php?id=CVE-2018-1747
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428. Las versiones 2.5, 2.6, 2.7 y 3.0 de IBM Security Key Lifecycle Manager son vulnerables a ataques XXE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148428 https://www.ibm.com/support/docview.wss?uid=ibm10733429 • CWE-611: Improper Restriction of XML External Entity Reference •