CVE-2016-6099
https://notcve.org/view.php?id=CVE-2016-6099
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 revela información sensible a usuarios no autorizados. La información se puede utilizar para montar ataques adicionales en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21997924 http://www.securityfocus.com/bid/95958 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6095
https://notcve.org/view.php?id=CVE-2016-6095
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto forzar las credenciales de la cuenta. • http://www.ibm.com/support/docview.wss?uid=swg21997802 http://www.securityfocus.com/bid/95965 • CWE-284: Improper Access Control •
CVE-2016-6116
https://notcve.org/view.php?id=CVE-2016-6116
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 podría permitir a un atacante remoto obtener información sensible, provocado por el error al habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle. • http://www.ibm.com/support/docview.wss?uid=swg21997805 http://www.securityfocus.com/bid/95966 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6117
https://notcve.org/view.php?id=CVE-2016-6117
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 puede ser implementado con código de depuración activo que puede revelar información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21997983 http://www.securityfocus.com/bid/95905 http://www.securitytracker.com/id/1037764 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6105
https://notcve.org/view.php?id=CVE-2016-6105
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 no realiza una comprobación de autenticación para un recurso crítico o funcionalidad que permite a los usuarios anónimos acceder a áreas protegidas. • http://www.ibm.com/support/docview.wss?uid=swg21997741 http://www.securityfocus.com/bid/95904 http://www.securitytracker.com/id/1037763 • CWE-284: Improper Access Control •