6 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM Tivoli Key Lifecycle Manager no requiere que los usuarios tengan contraseñas seguras por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. • http://www.ibm.com/support/docview.wss?uid=swg21997956 http://www.securityfocus.com/bid/95985 https://exchange.xforce.ibmcloud.com/vulnerabilities/118172 • CWE-255: Credentials Management Errors •

CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM Tivoli Key Lifecycle Manager versiones 2.0.1, 2.5 y 2.6 especifica permisos para un recurso crítico de seguridad de una manera que permite que el recurso sea leído o modificado por actores no deseados. • http://www.ibm.com/support/docview.wss?uid=swg21997958 http://www.securityfocus.com/bid/95982 https://exchange.xforce.ibmcloud.com/vulnerabilities/118254 • CWE-284: Improper Access Control •

CVSS: 6.2EPSS: 0%CPEs: 20EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 almacena credenciales de usuario en claro en texto plano que puede ser leído por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21997953 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 genera un mensaje de error que incluye información sensible acerca de su entorno, usuarios o datos asociados. • http://www.ibm.com/support/docview.wss?uid=swg21997987 http://www.securityfocus.com/bid/95984 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21997984 http://www.securityfocus.com/bid/95983 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •