Vulnerabilites related to ibm - tivoli_key_lifecycle_manager
Vulnerability from fkie_nvd
Published
2017-02-07 16:59
Modified
2025-04-20 01:37
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE43784F-AEBE-4399-82C5-A339D9BCB676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E57B0BB-2994-4A47-9C32-3DA982F23071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD5B68E-FB45-4985-96C7-6CFF3765E761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF878AE8-D016-4546-84ED-5D65E21F833B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E86F00-E597-4C98-9863-05A4BA84D0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA52325-CC9C-481A-8140-32C86608E2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F809CA96-9F05-4E58-91D0-9F05DC984D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59D5198-0125-4397-ACD4-2AFE80FB0A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D107CCC-476F-4453-BF41-B83923E5D695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E034D4-2424-4395-806A-4BFC86440724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C549F098-24E9-4AC8-98C9-53A9FB802644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFD9EB1-87F8-40E2-8A8C-F33B4D071400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0861924-B792-433E-A71D-2BE404A50012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3450BBE6-A657-4C68-840F-85073E04A8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B49D55-3442-42C0-86D8-889958BFC5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A894E2-E47E-40E9-B165-8B25F46139BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system."
    },
    {
      "lang": "es",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 permite que las p\u00e1ginas web se almacenen localmente de forma que puedan ser le\u00eddas por otro usuario en el sistema."
    }
  ],
  "id": "CVE-2016-6097",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-07T16:59:00.277",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997986"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95977"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-07 16:59
Modified
2025-04-20 01:37
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE43784F-AEBE-4399-82C5-A339D9BCB676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E57B0BB-2994-4A47-9C32-3DA982F23071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD5B68E-FB45-4985-96C7-6CFF3765E761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF878AE8-D016-4546-84ED-5D65E21F833B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E86F00-E597-4C98-9863-05A4BA84D0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA52325-CC9C-481A-8140-32C86608E2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F809CA96-9F05-4E58-91D0-9F05DC984D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59D5198-0125-4397-ACD4-2AFE80FB0A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D107CCC-476F-4453-BF41-B83923E5D695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E034D4-2424-4395-806A-4BFC86440724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C549F098-24E9-4AC8-98C9-53A9FB802644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFD9EB1-87F8-40E2-8A8C-F33B4D071400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0861924-B792-433E-A71D-2BE404A50012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3450BBE6-A657-4C68-840F-85073E04A8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B49D55-3442-42C0-86D8-889958BFC5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A894E2-E47E-40E9-B165-8B25F46139BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data."
    },
    {
      "lang": "es",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 genera un mensaje de error que incluye informaci\u00f3n sensible acerca de su entorno, usuarios o datos asociados."
    }
  ],
  "id": "CVE-2016-6094",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-07T16:59:00.230",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95984"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-07 16:59
Modified
2025-04-20 01:37
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE43784F-AEBE-4399-82C5-A339D9BCB676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E57B0BB-2994-4A47-9C32-3DA982F23071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD5B68E-FB45-4985-96C7-6CFF3765E761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF878AE8-D016-4546-84ED-5D65E21F833B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E86F00-E597-4C98-9863-05A4BA84D0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA52325-CC9C-481A-8140-32C86608E2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F809CA96-9F05-4E58-91D0-9F05DC984D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59D5198-0125-4397-ACD4-2AFE80FB0A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D107CCC-476F-4453-BF41-B83923E5D695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E034D4-2424-4395-806A-4BFC86440724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C549F098-24E9-4AC8-98C9-53A9FB802644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFD9EB1-87F8-40E2-8A8C-F33B4D071400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0861924-B792-433E-A71D-2BE404A50012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3450BBE6-A657-4C68-840F-85073E04A8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B49D55-3442-42C0-86D8-889958BFC5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A894E2-E47E-40E9-B165-8B25F46139BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user."
    },
    {
      "lang": "es",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 almacena credenciales de usuario en claro en texto plano que puede ser le\u00eddo por un usuario local."
    }
  ],
  "id": "CVE-2016-6092",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-07T16:59:00.197",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997953"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-08 21:29
Modified
2025-04-20 01:37
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE43784F-AEBE-4399-82C5-A339D9BCB676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E57B0BB-2994-4A47-9C32-3DA982F23071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD5B68E-FB45-4985-96C7-6CFF3765E761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF878AE8-D016-4546-84ED-5D65E21F833B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E86F00-E597-4C98-9863-05A4BA84D0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA52325-CC9C-481A-8140-32C86608E2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F809CA96-9F05-4E58-91D0-9F05DC984D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59D5198-0125-4397-ACD4-2AFE80FB0A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D107CCC-476F-4453-BF41-B83923E5D695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E034D4-2424-4395-806A-4BFC86440724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C549F098-24E9-4AC8-98C9-53A9FB802644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFD9EB1-87F8-40E2-8A8C-F33B4D071400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0861924-B792-433E-A71D-2BE404A50012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3450BBE6-A657-4C68-840F-85073E04A8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B49D55-3442-42C0-86D8-889958BFC5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A894E2-E47E-40E9-B165-8B25F46139BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors."
    },
    {
      "lang": "es",
      "value": "IBM Tivoli Key Lifecycle Manager versiones 2.0.1, 2.5 y 2.6 especifica permisos para un recurso cr\u00edtico de seguridad de una manera que permite que el recurso sea le\u00eddo o modificado por actores no deseados."
    }
  ],
  "id": "CVE-2016-6098",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-08T21:29:00.457",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997958"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95982"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-07 16:59
Modified
2025-04-20 01:37
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE43784F-AEBE-4399-82C5-A339D9BCB676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E57B0BB-2994-4A47-9C32-3DA982F23071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD5B68E-FB45-4985-96C7-6CFF3765E761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF878AE8-D016-4546-84ED-5D65E21F833B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E86F00-E597-4C98-9863-05A4BA84D0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA52325-CC9C-481A-8140-32C86608E2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F809CA96-9F05-4E58-91D0-9F05DC984D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59D5198-0125-4397-ACD4-2AFE80FB0A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D107CCC-476F-4453-BF41-B83923E5D695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E034D4-2424-4395-806A-4BFC86440724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C549F098-24E9-4AC8-98C9-53A9FB802644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFD9EB1-87F8-40E2-8A8C-F33B4D071400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0861924-B792-433E-A71D-2BE404A50012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3450BBE6-A657-4C68-840F-85073E04A8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B49D55-3442-42C0-86D8-889958BFC5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A894E2-E47E-40E9-B165-8B25F46139BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-6096",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-07T16:59:00.247",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997984"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95983"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-08 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE43784F-AEBE-4399-82C5-A339D9BCB676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E57B0BB-2994-4A47-9C32-3DA982F23071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD5B68E-FB45-4985-96C7-6CFF3765E761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF878AE8-D016-4546-84ED-5D65E21F833B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E86F00-E597-4C98-9863-05A4BA84D0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA52325-CC9C-481A-8140-32C86608E2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F809CA96-9F05-4E58-91D0-9F05DC984D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59D5198-0125-4397-ACD4-2AFE80FB0A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D107CCC-476F-4453-BF41-B83923E5D695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E034D4-2424-4395-806A-4BFC86440724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C549F098-24E9-4AC8-98C9-53A9FB802644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFD9EB1-87F8-40E2-8A8C-F33B4D071400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0861924-B792-433E-A71D-2BE404A50012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3450BBE6-A657-4C68-840F-85073E04A8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B49D55-3442-42C0-86D8-889958BFC5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A894E2-E47E-40E9-B165-8B25F46139BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
    },
    {
      "lang": "es",
      "value": "IBM Tivoli Key Lifecycle Manager no requiere que los usuarios tengan contrase\u00f1as seguras por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario."
    }
  ],
  "id": "CVE-2016-6093",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-08T21:29:00.423",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997956"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95985"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118172"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2016-6098 (GCVE-0-2016-6098)
Vulnerability from cvelistv5
Published
2017-06-08 21:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Gain Access
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Impacted products
Vendor Product Version
IBM Security Key Lifecycle Manager Version: 2.5
Version: 2.0.1
Version: 2.6
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:19.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997958"
          },
          {
            "name": "95982",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95982"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Security Key Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.6"
            }
          ]
        }
      ],
      "datePublic": "2017-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-09T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997958"
        },
        {
          "name": "95982",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95982"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6098",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Key Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5"
                          },
                          {
                            "version_value": "2.0.1"
                          },
                          {
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997958",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997958"
            },
            {
              "name": "95982",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95982"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118254"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6098",
    "datePublished": "2017-06-08T21:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:19.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6097 (GCVE-0-2016-6097)
Vulnerability from cvelistv5
Published
2017-02-07 16:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Obtain Information
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
References
Impacted products
Vendor Product Version
IBM Corporation Key Lifecycle Manager Version: 2.5
Version: 1.0
Version: 2.0
Version: 2.0.1
Version: 2.6
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:18.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997986"
          },
          {
            "name": "95977",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95977"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Key Lifecycle Manager",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.6"
            }
          ]
        }
      ],
      "datePublic": "2017-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-08T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997986"
        },
        {
          "name": "95977",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95977"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Key Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5"
                          },
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "2.0"
                          },
                          {
                            "version_value": "2.0.1"
                          },
                          {
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997986",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997986"
            },
            {
              "name": "95977",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95977"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6097",
    "datePublished": "2017-02-07T16:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:18.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6094 (GCVE-0-2016-6094)
Vulnerability from cvelistv5
Published
2017-02-07 16:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Obtain Information
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.
References
Impacted products
Vendor Product Version
IBM Corporation Key Lifecycle Manager Version: 2.5
Version: 1.0
Version: 2.0
Version: 2.0.1
Version: 2.6
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:18.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997987"
          },
          {
            "name": "95984",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95984"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Key Lifecycle Manager",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.6"
            }
          ]
        }
      ],
      "datePublic": "2017-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-08T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997987"
        },
        {
          "name": "95984",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95984"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6094",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Key Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5"
                          },
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "2.0"
                          },
                          {
                            "version_value": "2.0.1"
                          },
                          {
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997987",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997987"
            },
            {
              "name": "95984",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95984"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6094",
    "datePublished": "2017-02-07T16:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:18.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6096 (GCVE-0-2016-6096)
Vulnerability from cvelistv5
Published
2017-02-07 16:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Corporation Key Lifecycle Manager Version: 2.5
Version: 1.0
Version: 2.0
Version: 2.0.1
Version: 2.6
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:19.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95983",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95983"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997984"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Key Lifecycle Manager",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.6"
            }
          ]
        }
      ],
      "datePublic": "2017-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-08T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "95983",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95983"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997984"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6096",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Key Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5"
                          },
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "2.0"
                          },
                          {
                            "version_value": "2.0.1"
                          },
                          {
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95983",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95983"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997984",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997984"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6096",
    "datePublished": "2017-02-07T16:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:19.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6093 (GCVE-0-2016-6093)
Vulnerability from cvelistv5
Published
2017-06-08 21:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Obtain Information
Summary
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Impacted products
Vendor Product Version
IBM Security Key Lifecycle Manager Version: 2.5
Version: 2.0.1
Version: 2.6
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997956"
          },
          {
            "name": "95985",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95985"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118172"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Security Key Lifecycle Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.6"
            }
          ]
        }
      ],
      "datePublic": "2017-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-09T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997956"
        },
        {
          "name": "95985",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95985"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118172"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6093",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Key Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5"
                          },
                          {
                            "version_value": "2.0.1"
                          },
                          {
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997956",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997956"
            },
            {
              "name": "95985",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95985"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118172",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118172"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6093",
    "datePublished": "2017-06-08T21:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6092 (GCVE-0-2016-6092)
Vulnerability from cvelistv5
Published
2017-02-07 16:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Obtain Information
Summary
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.
References
Impacted products
Vendor Product Version
IBM Corporation Key Lifecycle Manager Version: 2.5
Version: 1.0
Version: 2.0
Version: 2.0.1
Version: 2.6
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:19.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21997953"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Key Lifecycle Manager",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.6"
            }
          ]
        }
      ],
      "datePublic": "2017-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21997953"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6092",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Key Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5"
                          },
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "2.0"
                          },
                          {
                            "version_value": "2.0.1"
                          },
                          {
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21997953",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21997953"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6092",
    "datePublished": "2017-02-07T16:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:19.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}