Security Key Lifecycle Manager
by IBM
CVEs (90)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-4514 | 0.00 | — | 0.01 | Oct 4, 2019 | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136. | |||
| CVE-2019-4566 | 0.00 | — | 0.00 | Sep 24, 2019 | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627. | |||
| CVE-2019-4515 | 0.00 | — | 0.01 | Sep 24, 2019 | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. | |||
| CVE-2019-4565 | 0.00 | — | 0.01 | Sep 20, 2019 | IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. | |||
| CVE-2018-1751 | 0.00 | — | 0.01 | Jan 23, 2019 | IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512. | |||
| CVE-2018-1744 | 0.00 | — | 0.03 | Oct 15, 2018 | IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID:… | |||
| CVE-2018-1747 | 0.00 | — | 0.02 | Oct 15, 2018 | IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:… | |||
| CVE-2018-1745 | 0.00 | — | 0.04 | Oct 11, 2018 | IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424. | |||
| CVE-2018-1738 | 0.00 | — | 0.01 | Oct 11, 2018 | IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907. | |||
| CVE-2009-2667 | 0.00 | — | 0.01 | Aug 5, 2009 | Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability." |
- CVE-2019-4514Oct 4, 2019risk 0.00cvss —epss 0.01
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165136.
- CVE-2019-4566Sep 24, 2019risk 0.00cvss —epss 0.00
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627.
- CVE-2019-4515Sep 24, 2019risk 0.00cvss —epss 0.01
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.
- CVE-2019-4565Sep 20, 2019risk 0.00cvss —epss 0.01
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
- CVE-2018-1751Jan 23, 2019risk 0.00cvss —epss 0.01
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512.
- CVE-2018-1744Oct 15, 2018risk 0.00cvss —epss 0.03
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID:…
- CVE-2018-1747Oct 15, 2018risk 0.00cvss —epss 0.02
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:…
- CVE-2018-1745Oct 11, 2018risk 0.00cvss —epss 0.04
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424.
- CVE-2018-1738Oct 11, 2018risk 0.00cvss —epss 0.01
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.
- CVE-2009-2667Aug 5, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."
Page 5 of 5