Vulnerabilities > IBM > Security KEY Lifecycle Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-25688 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
5.3
2023-03-21 CVE-2023-25686 Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2023-03-21 CVE-2023-25687 Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files.
network
low complexity
ibm CWE-532
4.3
2023-03-21 CVE-2023-25689 Unspecified vulnerability in IBM Security KEY Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
5.3
2021-11-23 CVE-2021-38980 Information Exposure Through an Error Message vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2021-11-15 CVE-2021-38974 Unspecified vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests.
network
low complexity
ibm
6.5
2021-11-15 CVE-2021-38975 Unspecified vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request.
network
low complexity
ibm
6.5
2021-11-15 CVE-2021-38976 Insufficiently Protected Credentials vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2021-11-15 CVE-2021-38977 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-311
4.3
2021-11-15 CVE-2021-38978 Cleartext Transmission of Sensitive Information vulnerability in IBM products
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-319
5.9