Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6102

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359.

Published

2017-03-27T22:59:00.193

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 3.7 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ibm security_key_lifecycle_manager 2.5.0 Yes
Application ibm security_key_lifecycle_manager 2.5.0.0 Yes
Application ibm security_key_lifecycle_manager 2.5.0.1 Yes
Application ibm security_key_lifecycle_manager 2.5.0.2 Yes
Application ibm security_key_lifecycle_manager 2.5.0.3 Yes
Application ibm security_key_lifecycle_manager 2.5.0.4 Yes
Application ibm security_key_lifecycle_manager 2.5.0.5 Yes
Application ibm security_key_lifecycle_manager 2.5.0.6 Yes
Application ibm security_key_lifecycle_manager 2.5.0.7 Yes
Application ibm security_key_lifecycle_manager 2.6.0 Yes
Application ibm security_key_lifecycle_manager 2.6.0.1 Yes
Application ibm security_key_lifecycle_manager 2.6.0.2 Yes
References