Vulnerabilities > IBM > Security KEY Lifecycle Manager > 2.5.0.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-04 | CVE-2017-1664 | Inadequate Encryption Strength vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
2017-06-08 | CVE-2016-6098 | Improper Access Control vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |
2017-06-08 | CVE-2016-6093 | Credentials Management vulnerability in IBM products IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
2017-03-27 | CVE-2016-6102 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. | 3.7 |
2017-02-07 | CVE-2016-6104 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | 7.2 |
2017-02-07 | CVE-2016-6097 | Information Exposure vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | 4.0 |
2017-02-07 | CVE-2016-6096 | Cross-site Scripting vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. | 6.1 |
2017-02-07 | CVE-2016-6094 | Information Exposure vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data. | 4.3 |
2017-02-07 | CVE-2016-6092 | Information Exposure vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. | 6.2 |
2017-02-02 | CVE-2016-6116 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |