Vulnerabilities > IBM > Security KEY Lifecycle Manager > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-15 | CVE-2021-38982 | Cross-site Scripting vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. | 3.5 |
| 2021-11-15 | CVE-2021-38976 | Insufficiently Protected Credentials vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. | 2.1 |
| 2020-12-17 | CVE-2020-4845 | Cross-site Scripting vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. | 3.5 |
| 2020-11-10 | CVE-2020-4568 | Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager 3.0/3.0.1/4.0 IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. | 2.1 |
| 2018-04-25 | CVE-2014-0872 | Information Exposure vulnerability in IBM Security KEY Lifecycle Manager 2.5.0 The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. | 1.5 |
| 2017-02-07 | CVE-2016-6092 | Information Exposure vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user. | 2.1 |
| 2017-02-07 | CVE-2016-6097 | Information Exposure vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |