CVE-2016-6092Sensitive Information Exposure in Corporation KEY Lifecycle Manager

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.2MEDIUMNVD
EPSS
0.1%
top 84.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Corporation KEY Lifecycle ManagerIBM Security KEY Lifecycle ManagerIBM Tivoli KEY Lifecycle Manager
Timeline
PublishedFeb 7
Latest updateMay 17

Description

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages3 packages

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-33f9-622r-p353: IBM Tivoli Key Lifecycle Manager 22022-05-17
CVEList
CVE-2016-6092: IBM Tivoli Key Lifecycle Manager 22017-02-07
CVE-2016-6092 — Sensitive Information Exposure | cvebase