Lucene search

Tivoli Key Lifecycle Manager Security Vulnerabilities

cve

CVE-2016-6092

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.

6.2CVSS

6.2AI Score

0.001EPSS

2017-02-07 04:59 PM

cve

CVE-2016-6093

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

9.8CVSS

9.2AI Score

0.003EPSS

2017-06-08 09:29 PM

cve

CVE-2016-6094

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.

4.3CVSS

4.4AI Score

0.0005EPSS

2017-02-07 04:59 PM

cve

CVE-2016-6096

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1CVSS

6AI Score

0.001EPSS

2017-02-07 04:59 PM

cve

CVE-2016-6097

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.

4CVSS

4AI Score

0.001EPSS

2017-02-07 04:59 PM

cve

CVE-2016-6098

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

8.1CVSS

7.8AI Score

0.001EPSS

2017-06-08 09:29 PM