Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6093 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-06-13 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
CVE-2016-6098 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-06-13 | 5.5 MEDIUM | 8.1 HIGH |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | |||||
CVE-2016-6096 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2016-6092 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-02-09 | 2.1 LOW | 6.2 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. | |||||
CVE-2016-6094 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-02-09 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. | |||||
CVE-2016-6097 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-02-09 | 2.1 LOW | 4.0 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. |