CVE-2016-6116
MEDIUMIBM Tivoli Key Lifecycle Manager <2.7 - Info Disclosure
Title source: llmDescription
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Scores
CVSS v3
5.9
EPSS
0.0022
EPSS Percentile
43.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-200
Status
published
Affected Products (17)
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
ibm/security_key_lifecycle_manager
IBM Corporation/Key Lifecycle Manager
< 2.5
IBM Corporation/Key Lifecycle Manager
< 1.0
IBM Corporation/Key Lifecycle Manager
< 2.0
... and 2 more
Timeline
Published
Feb 02, 2017
Tracked Since
Feb 18, 2026