CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1751
https://notcve.org/view.php?id=CVE-2018-1751
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. IBM Security Key Lifecycle Manager, desde la versión 3.1 hasta la 3.0.0.2, emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 148512. • http://www.ibm.com/support/docview.wss?uid=ibm10791829 http://www.securityfocus.com/bid/106734 https://exchange.xforce.ibmcloud.com/vulnerabilities/148512 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1744
https://notcve.org/view.php?id=CVE-2018-1744
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7 y 3.0 podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga secuencias "punto punto" (/../) para visualizar archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148423 https://www.ibm.com/support/docview.wss?uid=ibm10733353 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1747
https://notcve.org/view.php?id=CVE-2018-1747
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428. Las versiones 2.5, 2.6, 2.7 y 3.0 de IBM Security Key Lifecycle Manager son vulnerables a ataques XXE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148428 https://www.ibm.com/support/docview.wss?uid=ibm10733429 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1738
https://notcve.org/view.php?id=CVE-2018-1738
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907. IBM Security Key Lifecycle Manager 2.6, 2.7 y 3.0 podría permitir que un usuario autenticado obtenga información altamente sensible o comprometa la integridad del sistema debido a mecanismos de autenticación incorrectos. IBM X-Force ID: 147907. • http://www.ibm.com/support/docview.wss?uid=ibm10733309 https://exchange.xforce.ibmcloud.com/vulnerabilities/147907 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1745
https://notcve.org/view.php?id=CVE-2018-1745
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424. IBM Security Key Lifecycle Manager 2.7 y 3.0 podría permitir que un usuario no autenticado reinicie el servidor SKLM debido a la falta de autenticación. IBM X-Force ID: 148424. • http://www.securityfocus.com/bid/105554 https://exchange.xforce.ibmcloud.com/vulnerabilities/148424 https://www.ibm.com/support/docview.wss?uid=ibm10733355 • CWE-306: Missing Authentication for Critical Function •