Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-15 | CVE-2021-38976 | Insufficiently Protected Credentials vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
| 2021-11-15 | CVE-2021-38977 | Missing Encryption of Sensitive Data vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2021-11-15 | CVE-2021-38978 | Cleartext Transmission of Sensitive Information vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2021-11-15 | CVE-2021-38981 | Information Exposure Through an Error Message vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2021-11-15 | CVE-2021-38982 | Cross-site Scripting vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. | 5.4 |
| 2021-11-12 | CVE-2020-4140 | Cross-site Scripting vulnerability in IBM Security Siteprotector System 3.1.1.0 IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. | 5.4 |
| 2021-11-12 | CVE-2020-4146 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Siteprotector System 3.1.1.0 IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. | 5.3 |
| 2021-11-12 | CVE-2021-38972 | Improper Input Validation vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | 4.3 |
| 2021-11-12 | CVE-2021-38985 | Improper Input Validation vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | 4.3 |
| 2021-11-10 | CVE-2021-38887 | Unspecified vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. | 6.5 |