CVE-2019-4564
IBM Security Key Lifecycle Manager (SKLM) is affected by CVE-2019-4564 across versions 2.6–3.0.1. The vulnerability is a cross-site scripting flaw that lets an attacker embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected produ...
CVE-2019-4514
CVE-2019-4514 affects IBM Security Key Lifecycle Manager (SKLM) chassis: vulnerable in versions 2.6–3.0.1 where information can be disclosed to unauthorized users. The disclosed data can be used to mount further attacks on the system, per NVD/IBM entries. The issue is a pure information-disclosur...
CVE-2019-4565
The CVE-2019-4565 issue affects IBM Security Key Lifecycle Manager (SKLM) versions 3.0 through 3.0.1, where a weak default password policy allows potential account compromise. Root cause: the product does not require strong passwords by default. Impact stated across sources indicates user account...
CVE-2017-1665
The CVE-2017-1665 issue affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager), specifically versions 2.5, 2.6, and 2.7, where weaker than expected cryptographic algorithms could allow decryption of sensitive information. IBM’s bulletin confirms the affected ranges and...
CVE-2023-25687
CVE-2023-25687 affects IBM Security Guardium Key Lifecycle Manager (GKLM) versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1. An authenticated user could disclose sensitive information by accessing log files, per IBM’s bulletin and multiple security entries. Root cause details are not elaborated in the pro...
CVE-2023-25688
IBM Security Guardium Key Lifecycle Manager (GKLM) versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 are affected by a path traversal vulnerability that allows a remote attacker to view arbitrary files by sending URL requests containing dot-dot sequences (../). This matches CVE-2023-25688 described in mul...
CVE-2023-25684
Summary: CVE-2023-25684 affects IBM Security Guardium Key Lifecycle Manager (GKLM) components. Affected versions: GKLM 3.0, 3.0.1, 4.0, 4.1, and 4.1.1. Root cause: SQL injection due to insufficient input validation, allowing a remote attacker to send crafted SQL commands to the back-end database....
CVE-2023-25924
IBM Security Guardium Key Lifecycle Manager (GKLM) versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 contain an improper authorization flaw that could allow an authenticated user to perform actions beyond their access. The Red Hat advisory and IBM bulletin confirm the vulnerability under CVE-2023-25924, w...
CVE-2016-6098
CVE-2016-6098 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The vulnerability arises from overly permissive permissions on a security-critical resource, allowing read/modify access by unintended actors. Affected versions are IBM Tivoli/Security Key Lifecycle...
CVE-2023-25689
CVE-2023-25689 affects IBM Security Guardium Key Lifecycle Manager (GKLM) versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1. The root cause is a path traversal vulnerability that allows a remote attacker to view arbitrary files by sending a crafted URL containing "/.." sequences. The risk is described as ...
CVE-2023-25686
CVE-2023-25686 affects IBM Security Guardium Key Lifecycle Manager (GKLM) versions 3.0–4.1.1, where user credentials are stored in plaintext, enabling local read by an attacker with local access. Red Hat/IBM sources confirm the issue and indicate remediation via GKLM v4.2 upgrade. Practical impac...
CVE-2016-6092
CVE-2016-6092 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The vulnerability arises because the product stores user credentials in plaintext, enabling a local attacker to read passwords. Affected versions include IBM Security Key Lifecycle Manager v2.5 (2.5....
CVE-2016-6094
IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Key Lifecycle Manager are affected by CVE-2016-6094 due to an error message that discloses environment, user, or data-related details. Connected IBM Security bulletin specifies affected versions: TKLM 2.0.1 to 2.0.1.8, SKLM 2.5 to 2.5.0.7, ...
CVE-2016-6095
CVE-2016-6095 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) v2.5 (2.5.0.7) and v2.6 (2.6.0.2). Root cause: inadequate account lockout settings that could enable remote brute-force credential attempts. Impact stated: could allow an attacker to guess accounts; C...
CVE-2017-1668
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) is affected by CVE-2017-1668 due to an open redirect vulnerability that can be exploited by persuading a user to visit a crafted site, allowing URL spoofing and potential access to sensitive information. Affected versions:...
CVE-2020-4567
CVE-2020-4567 affects IBM Security Key Lifecycle Manager 3.0.1 and 4.0, where an inadequate account lockout setting could allow a remote attacker to brute-force credentials. The IBM Security bulletin confirms this vulnerability and states fixes are available: 3.0.1-ISS-SKLM-FP0005 and 4.0.0-ISS-S...
CVE-2017-1670
CVE-2017-1670 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) and is due to a SQL injection in the back-end database. Affected versions: 2.5 (2.5.0.8 and earlier), 2.6 (2.6.0.3 and earlier), and 2.7 (2.7.0.2 and earlier). Impact per sources: attacker could remot...
CVE-2018-1745
IBM Security Key Lifecycle Manager vulnerability CVE-2018-1745 affects SKLM v2.7 and v3.0, where an unauthenticated user could restart the SKLM server due to missing authentication. The IBM security bulletin and CVE records confirm the affected versions and base score (CVSS v3.0: 7.5, HIGH). Remediation provid...
CVE-2018-1749
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) is affected by CVE-2018-1749 due to incomplete blacklist-based input validation. Affected versions include IBM Security Key Lifecycle Manager v2.6 (2.6.0.4), v2.7 (2.7.0.3), and v3.0 (3.0.0.1). The root cause is incomplete...
CVE-2016-6093
CVE-2016-6093 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). Root cause: by default the product does not require strong passwords, enabling easier account compromise. Affected versions include IBM Security Key Lifecycle Manager v2.5–2.5.0.7, v2.6–2.6.0.2, and ...
CVE-2017-1664
Summary: CVE-2017-1664 affects IBM Security Key Lifecycle Manager (Tivoli Key Lifecycle Manager) versions 2.5–2.7. The root cause is use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Impact: Confidentiality of data could b...
CVE-2017-1666
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.5–2.5.0.8, 2.6–2.6.0.3, and 2.7–2.7.0.2 are affected by an XML External Entity (XXE) vulnerability when processing XML data. The root cause is an XXE flaw in XML processing, allowing a remote attacker to potentia...
CVE-2019-4566
IBM Security Key Lifecycle Manager (SKLM) 3.0–3.0.1 stores user credentials in plaintext, readable by a local user. Affected: SKLM on distributed platforms. Root cause: credentials stored unencrypted in storage. Impact: local privilege could expose credentials; CVSS details present in sources (ba...
CVE-2016-6102
CVE-2016-6102 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The vulnerability arises because versions 2.5 (2.5.0.7 and earlier) and 2.6 (2.6.0.2 and earlier) store sensitive information in URL parameters, enabling possible information disclosure if URLs are c...
CVE-2017-1727
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.5, 2.6, and 2.7 disclose sensitive information in error messages, potentially aiding attackers in targeted follow-up actions. The CVE-2017-1727 entry is documented with a CVSS v3 base score of 4.3 (vector: CVSS:...
CVE-2018-1744
CVE-2018-1744 affects IBM Security Key Lifecycle Manager (SKLM) 2.5–3.0 and enables a remote attacker to traverse directories via crafted URLs containing dot-dot sequences (/../), allowing viewing of arbitrary files. The IBM bulletin lists affected SKLM versions 2.5 (up to 2.5.0.9), 2.6 (up to 2....
CVE-2020-4846
CVE-2020-4846 affects IBM Security Key Lifecycle Manager 3.0.1 and 4.0. An information disclosure vulnerability could allow a remote attacker to obtain sensitive data via a detailed technical error message returned in the browser. The issue is documented in NVD and CNVD entries and is addressed b...
CVE-2016-6104
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.5 (2.5.0.7 fixes) and 2.6 (2.6.0.2 fixes) are affected by CVE-2016-6104. The root cause is improper validation of file extensions, allowing a remote attacker to upload arbitrary files and potentially execute cod...
CVE-2018-1747
IBM Security Key Lifecycle Manager (versions 2.5–3.0) is affected by CVE-2018-1747 due to an XML External Entity (XXE) vulnerability in the XML processing path. The issue allows a remote attacker to disclose sensitive information or exhaust memory resources. No remediation or patch details are pr...
CVE-2021-38985
IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager are affected by CVE-2021-38985 due to hazardous input validation (input not validated or incorrectly validated). Affected versions include TKLM 3.0–3.0.0.4, 3.0.1–3.0.1.5, 4.0–4.0.0.3, 4.1.0–4.1.0.1, and 4.1.1...
CVE-2016-6105
IBM Tivoli Key Lifecycle Manager (TKLM) versions 2.5 (2.5.0.7) and 2.6 (2.6.0.2) fail to perform an authentication check for a critical resource/function, allowing anonymous access to protected areas. The CVE, CVSS v3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, carries a base score of ...
CVE-2018-1738
IBM Security Key Lifecycle Manager vulnerability CVE-2018-1738: an authenticated user could obtain highly sensitive information or jeopardize system integrity due to improper authentication. Affected versions are 2.6 (2.6.0.4), 2.7 (2.7.0.3), and 3.0 (3.0.0.1). The IBM security bulletin provides ...
CVE-2018-1742
CVE-2018-1742 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The vulnerability arises from hard-coded credentials (passwords or cryptographic keys) embedded in the software, used for inbound authentication, outbound communication, or data encryption. Affected ...
CVE-2021-38974
IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager are affected by CVE-2021-38974. An authenticated user can cause a denial of service by sending specially crafted HTTP requests, due to improper handling of certain requests (network access, low attack complexi...
CVE-2021-38982
Summary: CVE-2021-38982 affects IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager. Affected versions include TKLM 3.0–3.0.0.4, 3.0.1–3.0.1.5, 4.0–4.0.0.3, and 4.1.0–4.1.0.1, with the vulnerability being a Cross-Site Scripting (XSS) in the Web UI that could al...
CVE-2016-6096
CVE-2016-6096 affects IBM Tivoli Key Lifecycle Manager: cross-site scripting in the Web UI could allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected products/versions per IBM bulletins: Tivoli Key Lifecycle Manager: 2.0.1 up to 2....
CVE-2016-6099
CVE-2016-6099 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) v2.5 (2.5.0.7) and v2.6 (2.6.0.2). The issue is an information disclosure to unauthorized users, which could enable further attacks. CVSS v3 base score 5.3. Remediation is available: IBM fixes 2.5.0-I...
CVE-2018-1741
CVE-2018-1741 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) and is caused by the product not properly limiting the number or frequency of interactions, which could lead to a denial of service and potentially affect program logic. Affected versions are IBM Secu...
CVE-2020-4572
The CVE-2020-4572 issue affects IBM Security Key Lifecycle Manager (3.0.1 and 4.0). The root cause is that a detailed technical error message returned in the browser can disclose sensitive information to remote attackers, enabling further exploitation. IBM has released fixes: 3.0.1-ISS-SKLM-FP000...
CVE-2021-38981
The CVE-2021-38981 issue affects IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager, with external access allowing a remote attacker to obtain sensitive information via a detailed technical error message returned in the browser. Affected versions span TKLM 3.0...
CVE-2023-25923
CVE-2023-25923 concerns IBM Security Guardium Key Lifecycle Manager (GKLM) versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1. The Red Hat advisory and IBM security bulletin describe a vulnerability where an attacker could upload files due to incorrect authorization, enabling a denial-of-service condition....
CVE-2016-6116
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) is affected by CVE-2016-6116 due to missing HTTP Strict Transport Security. A remote attacker could obtain sensitive information through MITM. Affected products/versions: IBM Security Key Lifecycle Manager v2.5 (2.5.0.7 an...
CVE-2017-1672
CVE-2017-1672 affects IBM Security Key Lifecycle Manager (Tivoli) 2.6 (2.6.0.3 fix) and 2.7 (2.7.0.2 fix), with CSRF permitting unauthorized actions from trusted users. Root cause: cross-site request forgery in the web interface. CVSSv3 base score 8.8 (HIGH) per NVD, vector CVSS:3.0/AV:N/AC:L/PR:...
CVE-2017-1673
CVE-2017-1673 affects IBM Security Key Lifecycle Manager (Tivoli KLM) versions 2.5–2.7, with a cross-site scripting vulnerability in the Web UI that can lead to credentials disclosure within a trusted session. IBM security bulletins corroborate XSS in SKLM and provide remediations: upgrade to 2.6...
CVE-2020-4568
Summary of CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager): Affected products are IBM Security Key Lifecycle Manager (KLM) versions 3.0, 3.0.1, and 4.0. The root cause is storing user credentials in plain text that can be read by a local user. IBM’s bulletin confirms an information disclosure r...
CVE-2020-4569
Summary: CVE-2020-4569 affects IBM Security Key Lifecycle Manager (SKLM) 4.0 and 3.0.1. The vulnerability involves a protection mechanism that relies on an input’s existence/values, which an untrusted actor can modify to bypass the protection. Affected products/versions: IBM Security Key Lifecycl...
CVE-2021-38972
The CVE-2021-38972 issue affects IBM Security Key Lifecycle Manager (TKLM) and IBM Security Guardium Key Lifecycle Manager. The root cause is improper or insufficient input validation in TKLM when handling input/data, as described in IBM’s advisory. Affected versions are TKLM/Guardium KLM 3.0 (up...
CVE-2014-0872
CVE-2014-0872 affects IBM Security Key Lifecycle Manager 2.5. The installation process stores unencrypted credentials, which could allow local users with root access to obtain sensitive information. CVSSv3 indicates MEDIUM severity (4.1) with HIGH confidentiality impact; no exploit details are pr...
CVE-2016-6117
The CVE-2016-6117 issue affects IBM Security Key Lifecycle Manager (KLM): Tivoli Key Lifecycle Manager 2.5 (2.5.0.x up to 2.5.0.7) and 2.6 (2.6.0.x up to 2.6.0.2) can be deployed with active debugging code that may disclose sensitive information. The root cause is the presence of debugging code i...
CVE-2017-1669
IBM Tivoli Key Lifecycle Manager (SKLM) versions 2.5–2.7 store sensitive information in URL parameters, enabling potential information disclosure if URLs are captured in server logs, referer headers, or browser history. Underlying cause is storing sensitive data in URL parameters. Affected versio...