Ibm: >> Security Key Lifecycle Manager >> 3.0 Security Vulnerabilities
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-10-08
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other consequences. IBM X-Force ID: 148420.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-10-08
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421.
CVSS Score
5.9
EPSS Score
0.0
Published
2018-10-08
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 148422.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-10-08
Page 4