What is the severity of CVE-2016-6096?

CVE-2016-6096 is classified as a medium severity vulnerability due to its potential for credentials disclosure.

How do I fix CVE-2016-6096?

To fix CVE-2016-6096, it is recommended to upgrade IBM Tivoli Key Lifecycle Manager to a version that is not affected by this vulnerability.

Which versions of IBM Tivoli Key Lifecycle Manager are affected by CVE-2016-6096?

CVE-2016-6096 affects IBM Tivoli Key Lifecycle Manager versions 2.0.1, 2.5, and 2.6.

What type of vulnerability is CVE-2016-6096?

CVE-2016-6096 is a cross-site scripting (XSS) vulnerability.

Can CVE-2016-6096 lead to data breaches?

Yes, CVE-2016-6096 can potentially lead to credentials disclosure, which may facilitate unauthorized access to sensitive data.

Vulnerability/
CVE-2016-6096

medium

6.1

CWE

7/2/2017

6/8/2024

CVE-2016-6096: XSS

First published: Tue Feb 07 2017(Updated: )

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Guardium Key Lifecycle Manager	=2.5.0.0
IBM Security Guardium Key Lifecycle Manager	=2.5.0.1
IBM Security Guardium Key Lifecycle Manager	=2.5.0.2
IBM Security Guardium Key Lifecycle Manager	=2.5.0.3
IBM Security Guardium Key Lifecycle Manager	=2.5.0.4
IBM Security Guardium Key Lifecycle Manager	=2.5.0.5
IBM Security Guardium Key Lifecycle Manager	=2.5.0.6
IBM Security Guardium Key Lifecycle Manager	=2.5.0.7
IBM Security Guardium Key Lifecycle Manager	=2.6.0.0
IBM Security Guardium Key Lifecycle Manager	=2.6.0.1
IBM Security Guardium Key Lifecycle Manager	=2.6.0.2
IBM Security Key Lifecycle Manager	=2.0.1
IBM Security Key Lifecycle Manager	=2.0.1.1
IBM Security Key Lifecycle Manager	=2.0.1.2
IBM Security Key Lifecycle Manager	=2.0.1.3
IBM Security Key Lifecycle Manager	=2.0.1.4
IBM Security Key Lifecycle Manager	=2.0.1.5
IBM Security Key Lifecycle Manager	=2.0.1.6
IBM Security Key Lifecycle Manager	=2.0.1.7
IBM Security Key Lifecycle Manager	=2.0.1.8

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21997984

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6096?
CVE-2016-6096 is classified as a medium severity vulnerability due to its potential for credentials disclosure.
How do I fix CVE-2016-6096?
To fix CVE-2016-6096, it is recommended to upgrade IBM Tivoli Key Lifecycle Manager to a version that is not affected by this vulnerability.
Which versions of IBM Tivoli Key Lifecycle Manager are affected by CVE-2016-6096?
CVE-2016-6096 affects IBM Tivoli Key Lifecycle Manager versions 2.0.1, 2.5, and 2.6.
What type of vulnerability is CVE-2016-6096?
CVE-2016-6096 is a cross-site scripting (XSS) vulnerability.
Can CVE-2016-6096 lead to data breaches?
Yes, CVE-2016-6096 can potentially lead to credentials disclosure, which may facilitate unauthorized access to sensitive data.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm security guardium key lifecycle manager
version/ibm security guardium key lifecycle manager/2.5.0.0
version/ibm security guardium key lifecycle manager/2.5.0.1
version/ibm security guardium key lifecycle manager/2.5.0.2
version/ibm security guardium key lifecycle manager/2.5.0.3
version/ibm security guardium key lifecycle manager/2.5.0.4
version/ibm security guardium key lifecycle manager/2.5.0.5
version/ibm security guardium key lifecycle manager/2.5.0.6
version/ibm security guardium key lifecycle manager/2.5.0.7
version/ibm security guardium key lifecycle manager/2.6.0.0
version/ibm security guardium key lifecycle manager/2.6.0.1
version/ibm security guardium key lifecycle manager/2.6.0.2
canonical/ibm security key lifecycle manager
version/ibm security key lifecycle manager/2.0.1
version/ibm security key lifecycle manager/2.0.1.1
version/ibm security key lifecycle manager/2.0.1.2
version/ibm security key lifecycle manager/2.0.1.3
version/ibm security key lifecycle manager/2.0.1.4
version/ibm security key lifecycle manager/2.0.1.5
version/ibm security key lifecycle manager/2.0.1.6
version/ibm security key lifecycle manager/2.0.1.7
version/ibm security key lifecycle manager/2.0.1.8