Product
ibm security key lifecycle manager
70 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-25924
all versions
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions t
5.4
MEDIUM
CVE-2023-25688
all versions
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories o
4.3
MEDIUM
CVE-2023-25684
all versions
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker coul
6.5
MEDIUM
CVE-2023-25923
all versions
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be
2.7
LOW
CVE-2023-25686
all versions
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can
6.2
MEDIUM
CVE-2023-25689
all versions
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories
2.7
LOW
CVE-2023-25687
all versions
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive
4.3
MEDIUM
CVE-2021-38980
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attac
5.3
MEDIUM
CVE-2021-38984
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an a
7.5
HIGH
CVE-2021-38983
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an a
7.5
HIGH
CVE-2021-38982
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users t
5.4
MEDIUM
CVE-2021-38981
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a det
5.3
MEDIUM
CVE-2021-38979
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be re
7.5
HIGH
CVE-2021-38978
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by
5.9
MEDIUM
CVE-2021-38977
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session coo
4.3
MEDIUM
CVE-2021-38976
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local
5.5
MEDIUM
CVE-2021-38975
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information fro
6.5
MEDIUM
CVE-2021-38974
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using spe
6.5
MEDIUM
CVE-2021-38985
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validate
4.3
MEDIUM
CVE-2021-38973
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validate
2.7
LOW
CVE-2021-38972
>= 3.0 and <= 3.0.0.4
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validate
4.3
MEDIUM
CVE-2020-4846
>= 3.0.1 and < 3.0.1.5
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed tec
2.7
LOW
CVE-2020-4845
>= 3.0.1 and < 3.0.1.5
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed a
5.4
MEDIUM
CVE-2020-4568
all versions
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local u
5.5
MEDIUM
CVE-2020-4574
all versions
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for at
7.5
HIGH
CVE-2020-4573
all versions
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requ
5.3
MEDIUM
CVE-2020-4572
all versions
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed techn
5.3
MEDIUM
CVE-2020-4569
all versions
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mechanism that relies on the existence or values of an input, but
6.5
MEDIUM
CVE-2020-4567
all versions
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to br
9.8
CRITICAL
CVE-2019-4564
>= 2.6.0 and <= 2.6.0.5
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users
6.1
MEDIUM
CVE-2019-4514
>= 2.6.0 and <= 2.6.0.5
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses sensitive information to unauthorized users. The information
5.3
MEDIUM
CVE-2019-4566
>= 3.0 and <= 3.0.0.2
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user.
5.5
MEDIUM
CVE-2019-4515
>= 3.0.0 and <= 3.0.0.2
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to exec
6.5
MEDIUM
CVE-2019-4565
>= 3.0 and <= 3.0.0.2
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes
7.5
HIGH
CVE-2018-1751
>= 3.0 and <= 3.0.0.2
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an atta
5.9
MEDIUM
CVE-2018-1747
>= 2.5.0 and <= 2.5.0.9
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when proce
7.1
HIGH
CVE-2018-1744
>= 2.5.0 and <= 2.5.0.9
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An
7.7
HIGH
CVE-2018-1745
>= 2.7.0 and <= 2.7.0.3
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authe
7.5
HIGH
CVE-2018-1738
>= 2.6.0 and <= 2.6.0.4
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopa
7.1
HIGH
CVE-2018-1753
>= 2.6.0 and <= 2.6.0.4
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its enviro
4.3
MEDIUM
CVE-2018-1750
>= 2.6.0 and <= 2.6.0.5
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource t
4.2
MEDIUM
CVE-2018-1749
>= 2.6.0 and <= 2.6.0.4
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to byp
4.3
MEDIUM
CVE-2018-1743
>= 2.6.0 and <= 2.6.0.4
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. The information can be u
5.3
MEDIUM
CVE-2018-1742
>= 2.6.0 and <= 2.6.0.4
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which
5.9
MEDIUM
CVE-2018-1741
>= 2.6.0 and <= 2.6.0.4
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be u
6.5
MEDIUM
CVE-2014-0872
all versions
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users t
4.1
MEDIUM
CVE-2017-1671
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacke
7.5
HIGH
CVE-2017-1670
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted
9.8
CRITICAL
CVE-2017-1668
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redire
6.1
MEDIUM
CVE-2017-1666
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing X
8.1
HIGH
CVE-2017-1727
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in
4.3
MEDIUM
CVE-2017-1673
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed
6.1
MEDIUM
CVE-2017-1672
all versions
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute
8.8
HIGH
CVE-2017-1669
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information di
3.7
LOW
CVE-2017-1665
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker
5.9
MEDIUM
CVE-2017-1664
all versions
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker
5.9
MEDIUM
CVE-2016-6098
all versions
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows t
8.1
HIGH
CVE-2016-6093
all versions
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for at
9.8
CRITICAL
CVE-2016-6102
all versions
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosu
3.7
LOW
CVE-2016-6104
all versions
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper vali
7.2
HIGH
CVE-2016-6097
all versions
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on th
4.0
MEDIUM
CVE-2016-6096
all versions
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to emb
6.1
MEDIUM
CVE-2016-6094
all versions
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its envi
4.3
MEDIUM
CVE-2016-6092
all versions
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local u
6.2
MEDIUM
CVE-2016-6116
all versions
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure
5.9
MEDIUM
CVE-2016-6103
all versions
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute
8.8
HIGH
CVE-2016-6099
all versions
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to
5.3
MEDIUM
CVE-2016-6095
all versions
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brut
9.8
CRITICAL
CVE-2016-6117
all versions
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
5.3
MEDIUM
CVE-2016-6105
all versions
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allow
8.2
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin