CVE-2016-6096
published 2017-02-07CVE-2016-6096: IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnu | glibc | >= 0 < 2.27-3ubuntu1.5 | 2.27-3ubuntu1.5 |
| gnu | glibc | >= 0 < 2.31-0ubuntu9.7 | 2.31-0ubuntu9.7 |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm | tivoli_key_lifecycle_manager | — | — |
| ibm_corporation | key_lifecycle_manager | — | — |
| ibm_corporation | key_lifecycle_manager | — | — |
| ibm_corporation | key_lifecycle_manager | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv5.9MEDIUM