Ibm Security Key Lifecycle Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Key Lifecycle Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (70)
CVE-2016-6095 — CVSS 9.8 (critical): IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force…
CVE-2016-6093 — CVSS 9.8 (critical): IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers…
CVE-2017-1670 — CVSS 9.8 (critical): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL…
CVE-2020-4567 — CVSS 9.8 (critical): IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force…
CVE-2017-1672 — CVSS 8.8 (high): IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious…
CVE-2016-6103 — CVSS 8.8 (high): IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious…
CVE-2016-6105 — CVSS 8.2 (high): IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing…
CVE-2017-1666 — CVSS 8.1 (high): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data…
CVE-2016-6098 — CVSS 8.1 (high): IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that…
CVE-2018-1744 — CVSS 7.7 (high): IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker…
CVE-2020-4574 — CVSS 7.5 (high): IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers…
CVE-2018-1745 — CVSS 7.5 (high): IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing…
CVE-2021-38984 — CVSS 7.5 (high): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker…
CVE-2021-38983 — CVSS 7.5 (high): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker…
CVE-2021-38979 — CVSS 7.5 (high): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible…
CVE-2019-4565 — CVSS 7.5 (high): IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier…
CVE-2017-1671 — CVSS 7.5 (high): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could…
CVE-2016-6104 — CVSS 7.2 (high): IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of…
CVE-2018-1747 — CVSS 7.1 (high): IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML…
CVE-2018-1738 — CVSS 7.1 (high): IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize…
CVE-2020-4569 — CVSS 6.5 (medium): IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but the…
CVE-2021-38974 — CVSS 6.5 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially…
CVE-2023-25684 — CVSS 6.5 (medium): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send…
CVE-2019-4515 — CVSS 6.5 (medium): IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute…
CVE-2018-1741 — CVSS 6.5 (medium): IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to…
CVE-2021-38975 — CVSS 6.5 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a…
CVE-2023-25686 — CVSS 6.2 (medium): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read…
CVE-2016-6092 — CVSS 6.2 (medium): IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
CVE-2019-4564 — CVSS 6.1 (medium): IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2016-6096 — CVSS 6.1 (medium): IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2017-1668 — CVSS 6.1 (medium): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect…
CVE-2017-1673 — CVSS 6.1 (medium): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2018-1742 — CVSS 5.9 (medium): IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses…
CVE-2021-38978 — CVSS 5.9 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the…
CVE-2018-1751 — CVSS 5.9 (medium): IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to…
CVE-2017-1665 — CVSS 5.9 (medium): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to…
CVE-2017-1664 — CVSS 5.9 (medium): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to…
CVE-2016-6116 — CVSS 5.9 (medium): IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to…
CVE-2021-38976 — CVSS 5.5 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user…
CVE-2019-4566 — CVSS 5.5 (medium): IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM…
CVE-2020-4568 — CVSS 5.5 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM…
CVE-2023-25924 — CVSS 5.4 (medium): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they…
CVE-2020-4845 — CVSS 5.4 (medium): IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2021-38982 — CVSS 5.4 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2021-38980 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to…
CVE-2021-38981 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed…
CVE-2020-4572 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2020-4573 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM…
CVE-2016-6099 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount…
CVE-2018-1743 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to…
CVE-2019-4514 — CVSS 5.3 (medium): IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information can be…
CVE-2016-6117 — CVSS 5.3 (medium): IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
CVE-2016-6094 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment…
CVE-2023-25687 — CVSS 4.3 (medium): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive…
CVE-2018-1749 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass…
CVE-2021-38972 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that…
CVE-2023-25688 — CVSS 4.3 (medium): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the…
CVE-2017-1727 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further…
CVE-2021-38977 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies…
CVE-2018-1753 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment…
CVE-2021-38985 — CVSS 4.3 (medium): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that…
CVE-2018-1750 — CVSS 4.2 (medium): IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read…
CVE-2014-0872 — CVSS 4.1 (medium): The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain…
CVE-2016-6097 — CVSS 4.0 (medium): IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
CVE-2017-1669 — CVSS 3.7 (low): IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure…
CVE-2016-6102 — CVSS 3.7 (low): IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if…
CVE-2021-38973 — CVSS 2.7 (low): IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that…
CVE-2023-25689 — CVSS 2.7 (low): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the…
CVE-2020-4846 — CVSS 2.7 (low): IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2023-25923 — CVSS 2.7 (low): IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a…