Vulnerabilities > IBM > Security KEY Lifecycle Manager > 2.7.0.3

DATE CVE VULNERABILITY TITLE RISK
2019-10-04 CVE-2019-4564 Cross-site Scripting vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2019-10-04 CVE-2019-4514 Information Exposure vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
5.3
2018-10-15 CVE-2018-1747 XXE vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
7.1
2018-10-15 CVE-2018-1744 Path Traversal vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
6.5
2018-10-11 CVE-2018-1745 Missing Authentication for Critical Function vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication.
network
low complexity
ibm CWE-306
7.5
7.5
2018-10-11 CVE-2018-1738 Improper Authentication vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms.
network
low complexity
ibm CWE-287
7.1
7.1
2018-10-08 CVE-2018-1753 Information Exposure vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data.
network
low complexity
ibm CWE-200
4.3
4.3
2018-10-08 CVE-2018-1750 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-732
8.1
8.1
2018-10-08 CVE-2018-1749 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity.
network
low complexity
ibm
6.5
6.5
2018-10-08 CVE-2018-1743 Information Exposure vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
5.3