Note: This project will be discontinued after December 13, 2021.
Product: Security_key_lifecycle_manager (Ibm)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 70 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-10-15 | CVE-2018-1747 | IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428. | Security_key_lifecycle_manager | 7.1 | ||
2018-10-15 | CVE-2018-1744 | IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. | Security_key_lifecycle_manager | 6.5 | ||
2018-10-08 | CVE-2018-1743 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422. | Security_key_lifecycle_manager | 5.3 | ||
2018-10-08 | CVE-2018-1742 | IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421. | Security_key_lifecycle_manager | 9.3 | ||
2018-10-11 | CVE-2018-1738 | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907. | Security_key_lifecycle_manager | 7.1 | ||
2018-01-04 | CVE-2017-1665 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. | Debian_linux, Security_key_lifecycle_manager | 5.9 | ||
2018-01-04 | CVE-2017-1727 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. | Security_key_lifecycle_manager | 4.3 | ||
2018-01-04 | CVE-2017-1673 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. | Security_key_lifecycle_manager | 6.1 | ||
2018-01-04 | CVE-2017-1672 | IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. | Security_key_lifecycle_manager | 8.8 | ||
2018-01-09 | CVE-2017-1671 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638. | Security_key_lifecycle_manager | 7.5 |