Vulnerability Details : CVE-2016-6093
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Products affected by CVE-2016-6093
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6093
0.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6093
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-6093
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6093
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/118172
IBM Tivoli Key Lifecycle Manager information disclosure CVE-2016-6093 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www.securityfocus.com/bid/95985
IBM Security Key Lifecycle Manager CVE-2016-6093 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://www.ibm.com/support/docview.wss?uid=swg21997956
IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by weak password policy (CVE-2016-6093)Patch;Vendor Advisory
Jump to