CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1744
https://notcve.org/view.php?id=CVE-2018-1744
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7 y 3.0 podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga secuencias "punto punto" (/../) para visualizar archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148423 https://www.ibm.com/support/docview.wss?uid=ibm10733353 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1747
https://notcve.org/view.php?id=CVE-2018-1747
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428. Las versiones 2.5, 2.6, 2.7 y 3.0 de IBM Security Key Lifecycle Manager son vulnerables a ataques XXE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148428 https://www.ibm.com/support/docview.wss?uid=ibm10733429 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0872
https://notcve.org/view.php?id=CVE-2014-0872
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988. El proceso de instalación en IBM Security Key Lifecycle Manager 2.5 almacena credenciales sin cifrar, lo que podría permitir que usuarios locales obtengan información sensible aprovechando el acceso root. IBM X-Force ID: 90988. • https://exchange.xforce.ibmcloud.com/vulnerabilities/90988 https://www.ibm.com/blogs/psirt/ibm-security-bulletin-unencrypted-credentials-stored-on-ibm-security-key-lifecycle-manager-server-cve-2014-0872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-255: Credentials Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0CVE-2017-1666
https://notcve.org/view.php?id=CVE-2017-1666
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540. Las versiones 2.5, 2.6 y 2.7 de IBM Tivoli Key Lifecycle Manager son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22011970 http://www.securityfocus.com/bid/102434 https://exchange.xforce.ibmcloud.com/vulnerabilities/133560 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2017-1668
https://notcve.org/view.php?id=CVE-2017-1668
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562. IBM Tivoli Key Lifecycle Manager 2.5, 2.6 y 2.7 podría permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirección abierta. • http://www.ibm.com/support/docview.wss?uid=swg22012010 http://www.securityfocus.com/bid/102430 https://exchange.xforce.ibmcloud.com/vulnerabilities/133562 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •