Vulnerabilities > IBM > Security KEY Lifecycle Manager > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-25924 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization.
network
low complexity
ibm
8.8
2023-03-21 CVE-2023-25923 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization.
network
low complexity
ibm
7.5
2021-11-15 CVE-2021-38979 Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.
network
low complexity
ibm CWE-916
7.5
2021-11-15 CVE-2021-38983 Inadequate Encryption Strength vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2021-11-15 CVE-2021-38984 Inadequate Encryption Strength vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2020-07-29 CVE-2020-4574 Weak Password Requirements vulnerability in IBM Security KEY Lifecycle Manager 3.0.1/4.0
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2019-09-20 CVE-2019-4565 Weak Password Requirements vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2019-01-23 CVE-2018-1751 Inadequate Encryption Strength vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
2018-10-15 CVE-2018-1747 XXE vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-10-11 CVE-2018-1745 Missing Authentication for Critical Function vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication.
network
low complexity
ibm CWE-306
7.5