Security Key Lifecycle Manager Security Vulnerabilities and Issues — Security Key Lifecycle Manager CVE List

Lucene search

IbmSecurity Key Lifecycle Manager

13 matches found

CVE•added 2023/03/21 3:15 p.m.•55 views

CVE-2023-25687

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.

4.3CVSS4.1AI score0.00082EPSS

CVE•added 2017/02/07 4:59 p.m.•44 views

CVE-2016-6094

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.

4.3CVSS4.4AI score0.00312EPSS

CVE•added 2018/01/04 5:29 p.m.•41 views

CVE-2017-1727

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

4.3CVSS4.5AI score0.00177EPSS

CVE•added 2017/03/27 10:59 p.m.•39 views

CVE-2016-6102

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.

4.3CVSS4.1AI score0.00222EPSS

CVE•added 2021/11/12 4:15 p.m.•38 views

CVE-2021-38985

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

4.3CVSS4.5AI score0.00174EPSS

CVE•added 2018/01/04 5:29 p.m.•37 views

CVE-2017-1669

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636.

4.3CVSS3.8AI score0.00222EPSS

CVE•added 2020/12/17 7:15 p.m.•37 views

CVE-2020-4846

IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290.

4CVSS4.7AI score0.00223EPSS

CVE•added 2018/04/25 8:29 p.m.•36 views

CVE-2014-0872

The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.

4.1CVSS3.8AI score0.00042EPSS

CVE•added 2021/11/12 4:15 p.m.•35 views

CVE-2021-38972

4.3CVSS4.5AI score0.00174EPSS

CVE•added 2017/02/07 4:59 p.m.•34 views

CVE-2016-6097

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.

4CVSS4AI score0.00058EPSS

CVE•added 2021/11/15 4:15 p.m.•34 views

CVE-2021-38977

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to ...

4.3CVSS4.1AI score0.00133EPSS

CVE•added 2018/10/08 3:29 p.m.•33 views

CVE-2018-1753

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514.

4.3CVSS4.6AI score0.00119EPSS

CVE•added 2021/11/12 4:15 p.m.•31 views

CVE-2021-38973

4CVSS3.8AI score0.00178EPSS