Lucene search
+L
IbmSecurity Key Lifecycle Manager

70 matches found

CVE
CVE
added 2020/11/10 2:50 p.m.49 views

CVE-2020-4568

Summary of CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager) : Affected products are IBM Security Key Lifecycle Manager (KLM) versions 3.0, 3.0.1, and 4.0. The root cause is storing user credentials in plain text that can be read by a local user. IBM’s bulletin confirms an information disclosure r...

6.3CVSS5.1AI score0.00676EPSS
CVE
CVE
added 2020/07/29 2:5 p.m.49 views

CVE-2020-4569

Summary: CVE-2020-4569 affects IBM Security Key Lifecycle Manager (SKLM) 4.0 and 3.0.1. The vulnerability involves a protection mechanism that relies on an input’s existence/values, which an untrusted actor can modify to bypass the protection. Affected products/versions: IBM Security Key Lifecycl...

6.5CVSS6.8AI score0.0117EPSS
CVE
CVE
added 2017/02/01 9:0 p.m.48 views

CVE-2016-6117

The CVE-2016-6117 issue affects IBM Security Key Lifecycle Manager (KLM): Tivoli Key Lifecycle Manager 2.5 (2.5.0.x up to 2.5.0.7) and 2.6 (2.6.0.x up to 2.6.0.2) can be deployed with active debugging code that may disclose sensitive information. The root cause is the presence of debugging code i...

5.3CVSS5.6AI score0.01643EPSS
CVE
CVE
added 2021/11/15 3:35 p.m.48 views

CVE-2021-38975

CVE-2021-38975 describes an information-exposure vulnerability in IBM Security Key Lifecycle Manager / Tivoli Key Lifecycle Manager. The IBM Security Guardium Key Lifecycle Manager product line (TKLM) versions 3.0–4.0.x and 4.1.x allow an authenticated user to obtain sensitive information via a s...

6.5CVSS6AI score0.00935EPSS
CVE
CVE
added 2018/04/25 8:0 p.m.47 views

CVE-2014-0872

CVE-2014-0872 affects IBM Security Key Lifecycle Manager 2.5. The installation process stores unencrypted credentials, which could allow local users with root access to obtain sensitive information. CVSSv3 indicates MEDIUM severity (4.1) with HIGH confidentiality impact; no exploit details are pr...

4.1CVSS3.8AI score0.00281EPSS
CVE
CVE
added 2017/02/07 4:0 p.m.47 views

CVE-2016-6097

IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) is affected by CVE-2016-6097. Affected products/versions: Tivoli Key Lifecycle Manager 2.0.1–2.0.1.8; Security Key Lifecycle Manager 2.5–2.5.0.7; Security Key Lifecycle Manager 2.6–2.6.0.2. Issue: web pages containing sens...

4CVSS4AI score0.00337EPSS
CVE
CVE
added 2018/10/08 3:0 p.m.47 views

CVE-2018-1750

CVE-2018-1750 affects IBM Security Key Lifecycle Manager (SKLM) with vulnerability in permissions on a security-critical resource that allows read/modify by unintended actors. Affected SKLM versions include 3.0-3.0.0.1, 2.7-2.7.0.4, and 2.6-2.6.0.5. IBM’s bulletin (and X-Force reference) confirms...

8.1CVSS7.4AI score0.00675EPSS
CVE
CVE
added 2020/07/29 2:5 p.m.47 views

CVE-2020-4574

CVE-2020-4574 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The root issue is that by default the product does not require sufficiently strong passwords, enabling easier account compromises. Affected versions include 4.0 and 3.0.1. Remediation is provided in ...

7.5CVSS7.7AI score0.01899EPSS
CVE
CVE
added 2021/11/15 3:35 p.m.47 views

CVE-2021-38977

Summary: CVE-2021-38977 affects IBM Tivoli Key Lifecycle Manager (TKLM) versions 3.0–4.1. The vulnerability arises because authorization tokens and session cookies are not marked with the Secure attribute, enabling an attacker to capture cookie values by persuading a user to visit an http (non-HT...

4.3CVSS4.1AI score0.00515EPSS
CVE
CVE
added 2017/02/02 10:0 p.m.46 views

CVE-2016-6103

IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.5 and 2.6 are affected by a cross-site request forgery (CSRF) vulnerability. The vulnerability affects 2.5 up to 2.5.0.7 and 2.6 up to 2.6.0.2, enabling an attacker to perform malicious, unauthorized actions tra...

8.8CVSS8.5AI score0.00554EPSS
CVE
CVE
added 2019/09/24 1:50 p.m.46 views

CVE-2019-4515

CVE-2019-4515 affects IBM Security Key Lifecycle Manager (SKLM) 3.0–3.0.1. The vulnerability is a Cross-Site Request Forgery (CSRF) that could allow an attacker to perform unauthorized actions on behalf of a trusted user. Affected SKLM versions include 3.0.x up to 3.0.0.2 and 3.0.1 up to 3.0.1.1....

6.5CVSS6.3AI score0.00498EPSS
CVE
CVE
added 2020/07/29 2:5 p.m.46 views

CVE-2020-4573

The IBM Security Key Lifecycle Manager (SKLM) is affected in CVE-2020-4573 for releases 4.0 and 3.0.1, where an information disclosure could occur by responding to unauthenticated HTTP requests. The IBM advisory (IBM Security Key Lifecycle Manager) confirms fixes in 4.0.0-ISS-SKLM-FP0002 and 3.0....

5.3CVSS5.9AI score0.0128EPSS
CVE
CVE
added 2021/11/12 3:20 p.m.46 views

CVE-2021-38973

CVE-2021-38973 affects IBM Security Key Lifecycle Manager / IBM Security Guardium Key Lifecycle Manager. The vulnerability stems from hazardous input validation where the software accepts input without properly verifying required properties. Affected versions include TKLM/Guardium TKLM 3.0 (up to...

4CVSS3.8AI score0.00574EPSS
CVE
CVE
added 2018/01/09 8:0 p.m.45 views

CVE-2017-1671

CVE-2017-1671 affects IBM Security Key Lifecycle Manager (Tivoli Key Lifecycle Manager) with a path traversal vulnerability in versions 2.5–2.5.0.8, 2.6–2.6.0.3, and 2.7–2.7.0.2. A remote attacker can trigger directory traversal by crafting URL requests containing dot-dot sequences (/../) to view...

7.5CVSS7.3AI score0.02712EPSS
CVE
CVE
added 2019/01/23 4:0 p.m.45 views

CVE-2018-1751

CVE-2018-1751 affects IBM Security Key Lifecycle Manager (SKLM) versions 3.0 through 3.0.0.2, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. IBM’s bulletin also notes affected ranges up to 3.0.0.3 and 3.0.1.2. Mitigations docum...

7.5CVSS7.2AI score0.01325EPSS
CVE
CVE
added 2018/10/08 3:0 p.m.45 views

CVE-2018-1753

CVE-2018-1753 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.6 (2.6.0.4), 2.7 (2.7.0.3), and 3.0 (3.0.0.1). The vulnerability arises from an error message that exposes sensitive information about the environment, users, or associated data. Impact is ...

4.3CVSS4.6AI score0.00976EPSS
CVE
CVE
added 2020/12/17 6:40 p.m.44 views

CVE-2020-4845

IBM Security Key Lifecycle Manager (KL M) versions 3.0.1 and 4.0 are affected by a cross-site scripting (XSS) vulnerability in the Web UI, enabling injection of arbitrary JavaScript code that could alter functionality and potentially lead to credentials disclosure within a trusted session. The CV...

5.4CVSS5.6AI score0.00554EPSS
CVE
CVE
added 2021/11/15 3:35 p.m.44 views

CVE-2021-38984

CVE-2021-38984 affects IBM Security Key Lifecycle Manager / IBM Security Guardium Key Lifecycle Manager (TKLM) with weaker-than-expected encryption allowing decryption of sensitive data. Affected: TKLM 3.0 (3.0.0.4 and 3.0.1.x up to 3.0.1.5), TKLM 4.0 (up to 4.0.0.3), GKLM 4.1 (4.1.0–4.1.0.1 and ...

7.5CVSS7.2AI score0.00613EPSS
CVE
CVE
added 2018/10/08 3:0 p.m.43 views

CVE-2018-1743

CVE-2018-1743 affects IBM Security Key Lifecycle Manager. The vulnerability exposes sensitive information to unauthorized users, enabling information disclosure that could support further system attacks. Affected products and versions: IBM Security Key Lifecycle Manager v2.6 (up to 2.6.0.4), v2.7...

5.3CVSS5.1AI score0.01301EPSS
CVE
CVE
added 2021/11/15 3:35 p.m.43 views

CVE-2021-38976

IBM Tivoli Key Lifecycle Manager stores user credentials in plaintext, enabling local access to read them. Affected: TKLM 3.0–4.0 (including 3.0.x, 3.0.1, 4.0) and Guardium Key Lifecycle Manager 4.1.0–4.1.1. The issue stems from cleartext storage of credentials. Remediation: upgrade to 4.1.1 - Fi...

6.2CVSS5.1AI score0.0023EPSS
Total number of security vulnerabilities70