VYPR

Security Key Lifecycle Manager

by IBM

CVEs (90)

  • CVE-2016-6099 | Med | Feb 2, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.

  • CVE-2016-6117 | Med | Feb 1, 2017
    risk 0.35 | cvss 5.3 | epss 0.02

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.

  • CVE-2026-1726 | Med | Apr 23, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change…

  • CVE-2018-1753 | Med | Oct 8, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514.

  • CVE-2018-1749 | Med | Oct 8, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484.

  • CVE-2017-1727 | Med | Jan 4, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

  • CVE-2016-6094 | Med | Feb 7, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.

  • CVE-2018-1750 | Med | Oct 8, 2018
    risk 0.27 | cvss 4.2 | epss 0.01

    IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.

  • CVE-2014-0872 | Med | Apr 25, 2018
    risk 0.27 | cvss 4.1 | epss 0.00

    The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988.

  • CVE-2016-6097 | Med | Feb 7, 2017
    risk 0.26 | cvss 4.0 | epss 0.00

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2017-1669 | Low | Jan 4, 2018
    risk 0.24 | cvss 3.7 | epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636.

  • CVE-2016-6102 | Low | Mar 27, 2017
    risk 0.24 | cvss 3.7 | epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.

  • CVE-2024-49816 | Dec 17, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user.

  • CVE-2024-49820 | Dec 17, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive…

  • CVE-2024-49819 | Dec 17, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

  • CVE-2024-49818 | Dec 17, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2024-49817 | Dec 17, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

  • CVE-2023-25921 | Feb 29, 2024
    risk 0.00 | cvss | epss 0.01

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.

  • CVE-2023-25926 | Feb 29, 2024
    risk 0.00 | cvss | epss 0.01

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. …

  • CVE-2023-25925 | Feb 28, 2024
    risk 0.00 | cvss | epss 0.01

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.
