Vulnerability Description
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Key Lifecycle Manager | 2.5.0.0 |
| Ibm | Tivoli Key Lifecycle Manager | 2.0.1 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg21997956PatchVendor Advisory
- http://www.securityfocus.com/bid/95985Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/118172VDB EntryVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21997956PatchVendor Advisory
- http://www.securityfocus.com/bid/95985Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/118172VDB EntryVendor Advisory
FAQ
What is CVE-2016-6093?
CVE-2016-6093 is a vulnerability with a CVSS score of 9.8 (CRITICAL). IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
How severe is CVE-2016-6093?
CVE-2016-6093 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-6093?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Key Lifecycle Manager, Ibm Tivoli Key Lifecycle Manager.