CVE-2019-4564
https://notcve.org/view.php?id=CVE-2019-4564
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Key Lifecycle Manager versiones 2.6, 2.7, 3.0 y 3.0.1, es susceptible a una vulnerabilidad de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código arbitrario JavaScript en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166625 https://www.ibm.com/support/pages/node/302001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4514
https://notcve.org/view.php?id=CVE-2019-4514
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. IBM Security Key Lifecycle Manager versiones 2.6, 2.7, 3.0 y 3.0.1, divulga información confidencial a usuarios no autorizados. La información puede ser usada para montar futuros ataques en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165136 https://www.ibm.com/support/pages/node/302017 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1744
https://notcve.org/view.php?id=CVE-2018-1744
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7 y 3.0 podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga secuencias "punto punto" (/../) para visualizar archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148423 https://www.ibm.com/support/docview.wss?uid=ibm10733353 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-1747
https://notcve.org/view.php?id=CVE-2018-1747
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428. Las versiones 2.5, 2.6, 2.7 y 3.0 de IBM Security Key Lifecycle Manager son vulnerables a ataques XXE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148428 https://www.ibm.com/support/docview.wss?uid=ibm10733429 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-1738
https://notcve.org/view.php?id=CVE-2018-1738
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907. IBM Security Key Lifecycle Manager 2.6, 2.7 y 3.0 podría permitir que un usuario autenticado obtenga información altamente sensible o comprometa la integridad del sistema debido a mecanismos de autenticación incorrectos. IBM X-Force ID: 147907. • http://www.ibm.com/support/docview.wss?uid=ibm10733309 https://exchange.xforce.ibmcloud.com/vulnerabilities/147907 • CWE-287: Improper Authentication •