Security Guardium Key Lifecycle Manager
Monthly
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.