
CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/166625 https://www.ibm.com/support/pages/node/302001
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/165136 https://www.ibm.com/support/pages/node/302017
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.2 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain clear text, which can be read by a local user. IBM X-Force ID: 166627.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/166627 https://www.ibm.com/support/pages/node/1074344
• CWE-312: Cleartext Storage of Sensitive Information

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/165137 https://www.ibm.com/support/pages/node/290671
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/166626 https://www.ibm.com/support/pages/security-bulletin-ibm-security-key-lifecycle-manager-uses-weak-password-policy-cve-2019-4565
• CWE-521: Weak Password Requirements