VYPR
Get started
← All advisories
Medium severity5.9NVD Advisory· Published Feb 2, 2017· Updated May 13, 2026

CVE-2016-6116

CVE-2016-6116

Description

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Affected products

13
  • IBM/Security Key Lifecycle Manager12 versions
    cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*
  • IBM Corporation/Key Lifecycle Managerv5
    Range: 2.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.