CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4564
https://notcve.org/view.php?id=CVE-2019-4564
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Key Lifecycle Manager versiones 2.6, 2.7, 3.0 y 3.0.1, es susceptible a una vulnerabilidad de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código arbitrario JavaScript en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166625 https://www.ibm.com/support/pages/node/302001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4514
https://notcve.org/view.php?id=CVE-2019-4514
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. IBM Security Key Lifecycle Manager versiones 2.6, 2.7, 3.0 y 3.0.1, divulga información confidencial a usuarios no autorizados. La información puede ser usada para montar futuros ataques en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165136 https://www.ibm.com/support/pages/node/302017 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4566
https://notcve.org/view.php?id=CVE-2019-4566
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. IBM Security Key Lifecycle Manager versiones 3.0 y 3.0.1, almacena las credenciales de usuario en texto sin cifrar que pueden ser leídas por parte de un usuario local. ID de IBM X-Force: 166627. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166627 https://www.ibm.com/support/pages/node/1074344 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4515
https://notcve.org/view.php?id=CVE-2019-4515
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. IBM Security Key Lifecycle Manager versiones 3.0 y 3.0.1, es vulnerable a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 165137. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165137 https://www.ibm.com/support/pages/node/290671 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4565
https://notcve.org/view.php?id=CVE-2019-4565
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. IBM Security Key Lifecycle Manager versiones 3.0 y 3.0.1, no requiere que los usuarios deban tener contraseñas seguras por defecto, lo que hace más fácil para los atacantes comprometer las cuentas de los usuarios. ID de IBM X-Force: 166626. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166626 https://www.ibm.com/support/pages/security-bulletin-ibm-security-key-lifecycle-manager-uses-weak-password-policy-cve-2019-4565 • CWE-521: Weak Password Requirements •