Security Key Lifecycle Manager@4.1 Security Vulnerabilities and Issues — Security Key Lifecycle Manager@4.1 CVE List

Lucene search

IbmSecurity Key Lifecycle Manager4.1

17 matches found

CVE•added 2023/03/21 3:15 p.m.•55 views

CVE-2023-25687

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.

4.3CVSS4.1AI score0.00082EPSS

CVE•added 2023/03/21 5:15 p.m.•50 views

CVE-2023-25684

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.

9.8CVSS8.1AI score0.00039EPSS

CVE•added 2023/03/22 6:15 a.m.•50 views

CVE-2023-25688

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606.

5.3CVSS4.8AI score0.00056EPSS

CVE•added 2023/03/22 6:15 a.m.•48 views

CVE-2023-25924

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.

8.8CVSS6.7AI score0.00049EPSS

CVE•added 2023/03/21 4:15 p.m.•45 views

CVE-2023-25686

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601.

6.2CVSS5.2AI score0.0002EPSS

CVE•added 2023/03/21 3:15 p.m.•45 views

CVE-2023-25689

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 24761...

5.3CVSS4.5AI score0.00028EPSS

CVE•added 2021/11/15 4:15 p.m.•39 views

CVE-2021-38974

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779.

6.5CVSS6.2AI score0.00236EPSS

CVE•added 2021/11/15 4:15 p.m.•38 views

CVE-2021-38981

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.

5.3CVSS4.8AI score0.00124EPSS

CVE•added 2021/11/15 4:15 p.m.•38 views

CVE-2021-38982

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Fo...

5.4CVSS5.2AI score0.00215EPSS

CVE•added 2021/11/15 4:15 p.m.•36 views

CVE-2021-38978

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle tech...

5.9CVSS5.4AI score0.00078EPSS

CVE•added 2021/11/15 4:15 p.m.•35 views

CVE-2021-38975

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.

6.5CVSS6AI score0.00099EPSS

CVE•added 2021/11/15 4:15 p.m.•35 views

CVE-2021-38979

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.

7.5CVSS7.2AI score0.00088EPSS

CVE•added 2021/11/15 4:15 p.m.•35 views

CVE-2021-38983

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.

7.5CVSS7.2AI score0.00102EPSS

CVE•added 2021/11/15 4:15 p.m.•34 views

CVE-2021-38977

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to ...

4.3CVSS4.1AI score0.00133EPSS

CVE•added 2023/03/21 4:15 p.m.•34 views

CVE-2023-25923

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629.

7.5CVSS5.4AI score0.00035EPSS

CVE•added 2021/11/15 4:15 p.m.•28 views

CVE-2021-38976

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.

6.2CVSS5.1AI score0.00038EPSS

CVE•added 2021/11/15 4:15 p.m.•26 views

CVE-2021-38984

7.5CVSS7.2AI score0.00097EPSS