CVE-2016-0918
https://notcve.org/view.php?id=CVE-2016-0918
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. EMC RSA Identity Management and Governance en versiones anteriores a 6.8.1 P25 y 6.9.x en versiones anteriores a 6.9.1 P15 y RSA Via Lifecycle and Governance en versiones anteriores a 7.0.0 P04 permiten a usuarios remotos autenticados obtener información de User Detail Popup a través de una URL modificada. • http://seclists.org/bugtraq/2016/Sep/52 http://www.securityfocus.com/bid/93108 http://www.securitytracker.com/id/1036896 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-4540
https://notcve.org/view.php?id=CVE-2015-4540
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en EMC RSA Identity Management & Governance (IMG) en versiones anteriores a 6.8.1 P18 y 6.9.x en versiones anteriores 6.9.1 P6, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://seclists.org/bugtraq/2015/Sep/36 http://www.securitytracker.com/id/1033520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-4539
https://notcve.org/view.php?id=CVE-2015-4539
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en EMC RSA Identity Management & Governance (IMG) en versiones anteriores a 7.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://seclists.org/bugtraq/2015/Sep/36 http://www.securitytracker.com/id/1033520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-4619
https://notcve.org/view.php?id=CVE-2014-4619
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. EMC RSA Identity Management and Governance (IMG) 6.5.x en versiones anteriores a 6.5.1 P11, 6.5.2 en versiones anteriores a P02HF01 y 6.8.x en versiones anteriores a 6.8.1 P07, cuando se utiliza Novell Identity Manager (también conocido como NovellIM), permite a atacantes remotos eludir la autenticación a través de un nombre de usuario válido arbitrario. • http://archives.neohapsis.com/archives/bugtraq/2014-08/0133.html http://packetstormsecurity.com/files/128005/RSA-Identity-Management-And-Governance-Authentication-Bypass.html http://secunia.com/advisories/60281 http://www.securityfocus.com/bid/69411 http://www.securitytracker.com/id/1030759 https://exchange.xforce.ibmcloud.com/vulnerabilities/95483 • CWE-287: Improper Authentication •