70 matches found
CVE-2020-4568
Summary of CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager) : Affected products are IBM Security Key Lifecycle Manager (KLM) versions 3.0, 3.0.1, and 4.0. The root cause is storing user credentials in plain text that can be read by a local user. IBM’s bulletin confirms an information disclosure r...
CVE-2020-4569
Summary: CVE-2020-4569 affects IBM Security Key Lifecycle Manager (SKLM) 4.0 and 3.0.1. The vulnerability involves a protection mechanism that relies on an input’s existence/values, which an untrusted actor can modify to bypass the protection. Affected products/versions: IBM Security Key Lifecycl...
CVE-2016-6117
The CVE-2016-6117 issue affects IBM Security Key Lifecycle Manager (KLM): Tivoli Key Lifecycle Manager 2.5 (2.5.0.x up to 2.5.0.7) and 2.6 (2.6.0.x up to 2.6.0.2) can be deployed with active debugging code that may disclose sensitive information. The root cause is the presence of debugging code i...
CVE-2021-38975
CVE-2021-38975 describes an information-exposure vulnerability in IBM Security Key Lifecycle Manager / Tivoli Key Lifecycle Manager. The IBM Security Guardium Key Lifecycle Manager product line (TKLM) versions 3.0–4.0.x and 4.1.x allow an authenticated user to obtain sensitive information via a s...
CVE-2014-0872
CVE-2014-0872 affects IBM Security Key Lifecycle Manager 2.5. The installation process stores unencrypted credentials, which could allow local users with root access to obtain sensitive information. CVSSv3 indicates MEDIUM severity (4.1) with HIGH confidentiality impact; no exploit details are pr...
CVE-2016-6097
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) is affected by CVE-2016-6097. Affected products/versions: Tivoli Key Lifecycle Manager 2.0.1–2.0.1.8; Security Key Lifecycle Manager 2.5–2.5.0.7; Security Key Lifecycle Manager 2.6–2.6.0.2. Issue: web pages containing sens...
CVE-2018-1750
CVE-2018-1750 affects IBM Security Key Lifecycle Manager (SKLM) with vulnerability in permissions on a security-critical resource that allows read/modify by unintended actors. Affected SKLM versions include 3.0-3.0.0.1, 2.7-2.7.0.4, and 2.6-2.6.0.5. IBM’s bulletin (and X-Force reference) confirms...
CVE-2020-4574
CVE-2020-4574 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager). The root issue is that by default the product does not require sufficiently strong passwords, enabling easier account compromises. Affected versions include 4.0 and 3.0.1. Remediation is provided in ...
CVE-2021-38977
Summary: CVE-2021-38977 affects IBM Tivoli Key Lifecycle Manager (TKLM) versions 3.0–4.1. The vulnerability arises because authorization tokens and session cookies are not marked with the Secure attribute, enabling an attacker to capture cookie values by persuading a user to visit an http (non-HT...
CVE-2016-6103
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.5 and 2.6 are affected by a cross-site request forgery (CSRF) vulnerability. The vulnerability affects 2.5 up to 2.5.0.7 and 2.6 up to 2.6.0.2, enabling an attacker to perform malicious, unauthorized actions tra...
CVE-2019-4515
CVE-2019-4515 affects IBM Security Key Lifecycle Manager (SKLM) 3.0–3.0.1. The vulnerability is a Cross-Site Request Forgery (CSRF) that could allow an attacker to perform unauthorized actions on behalf of a trusted user. Affected SKLM versions include 3.0.x up to 3.0.0.2 and 3.0.1 up to 3.0.1.1....
CVE-2020-4573
The IBM Security Key Lifecycle Manager (SKLM) is affected in CVE-2020-4573 for releases 4.0 and 3.0.1, where an information disclosure could occur by responding to unauthenticated HTTP requests. The IBM advisory (IBM Security Key Lifecycle Manager) confirms fixes in 4.0.0-ISS-SKLM-FP0002 and 3.0....
CVE-2021-38973
CVE-2021-38973 affects IBM Security Key Lifecycle Manager / IBM Security Guardium Key Lifecycle Manager. The vulnerability stems from hazardous input validation where the software accepts input without properly verifying required properties. Affected versions include TKLM/Guardium TKLM 3.0 (up to...
CVE-2017-1671
CVE-2017-1671 affects IBM Security Key Lifecycle Manager (Tivoli Key Lifecycle Manager) with a path traversal vulnerability in versions 2.5–2.5.0.8, 2.6–2.6.0.3, and 2.7–2.7.0.2. A remote attacker can trigger directory traversal by crafting URL requests containing dot-dot sequences (/../) to view...
CVE-2018-1751
CVE-2018-1751 affects IBM Security Key Lifecycle Manager (SKLM) versions 3.0 through 3.0.0.2, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. IBM’s bulletin also notes affected ranges up to 3.0.0.3 and 3.0.1.2. Mitigations docum...
CVE-2018-1753
CVE-2018-1753 affects IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) versions 2.6 (2.6.0.4), 2.7 (2.7.0.3), and 3.0 (3.0.0.1). The vulnerability arises from an error message that exposes sensitive information about the environment, users, or associated data. Impact is ...
CVE-2020-4845
IBM Security Key Lifecycle Manager (KL M) versions 3.0.1 and 4.0 are affected by a cross-site scripting (XSS) vulnerability in the Web UI, enabling injection of arbitrary JavaScript code that could alter functionality and potentially lead to credentials disclosure within a trusted session. The CV...
CVE-2021-38984
CVE-2021-38984 affects IBM Security Key Lifecycle Manager / IBM Security Guardium Key Lifecycle Manager (TKLM) with weaker-than-expected encryption allowing decryption of sensitive data. Affected: TKLM 3.0 (3.0.0.4 and 3.0.1.x up to 3.0.1.5), TKLM 4.0 (up to 4.0.0.3), GKLM 4.1 (4.1.0–4.1.0.1 and ...
CVE-2018-1743
CVE-2018-1743 affects IBM Security Key Lifecycle Manager. The vulnerability exposes sensitive information to unauthorized users, enabling information disclosure that could support further system attacks. Affected products and versions: IBM Security Key Lifecycle Manager v2.6 (up to 2.6.0.4), v2.7...
CVE-2021-38976
IBM Tivoli Key Lifecycle Manager stores user credentials in plaintext, enabling local access to read them. Affected: TKLM 3.0–4.0 (including 3.0.x, 3.0.1, 4.0) and Guardium Key Lifecycle Manager 4.1.0–4.1.1. The issue stems from cleartext storage of credentials. Remediation: upgrade to 4.1.1 - Fi...