CVE-2016-6094 — Sensitive Information Exposure in Corporation KEY Lifecycle Manager

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 60.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation KEY Lifecycle Manager IBM Security KEY Lifecycle Manager IBM Tivoli KEY Lifecycle Manager

Timeline

PublishedFeb 7

Latest updateMay 17

Description

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDibm/tivoli_key_lifecycle_manager9 versions+8

▶NVDibm/security_key_lifecycle_manager11 versions+10

▶CVEListV5ibm_corporation/key_lifecycle_manager5 versions+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-fvpx-5wr5-2v8r: IBM Tivoli Key Lifecycle Manager 2↗2022-05-17

▶

CVEList

CVE-2016-6094: IBM Tivoli Key Lifecycle Manager 2↗2017-02-07

▶