CVE-2016-6093 — IBM Security KEY Lifecycle Manager vulnerability

CWE-2553 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 41.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security KEY Lifecycle Manager IBM Tivoli KEY Lifecycle Manager

Timeline

PublishedJun 8

Latest updateMay 17

Description

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDibm/tivoli_key_lifecycle_manager9 versions+8

▶CVEListV5ibm/security_key_lifecycle_manager2.0.1, 2.5, 2.6+2

▶NVDibm/security_key_lifecycle_manager11 versions+10

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-m5pj-j3r3-h889: IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromis↗2022-05-17

▶

CVEList

CVE-2016-6093: IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromis↗2017-06-08

▶