NotCVE - vendor:"Ibm" product:"Security Identity Manager" version:"7.0.1.0"

19 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-29688

https://notcve.org/view.php?id=CVE-2021-29688

20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102. IBM Security Identity Manager versión 7.0.2, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usada en nuevos ataques contra... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200102 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1962

https://notcve.org/view.php?id=CVE-2018-1962

04 Feb 2019 — IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658. IBM Security Identity Manager Virtual Appliance 7.0.1 no invalida los tokens de sesión cuando el botón de cierre de sesión está pulsado. La falta de una terminación correcta de la sesión podría permitir que los atacantes con acceso local inicien s... • http://www.ibm.com/support/docview.wss?uid=ibm10796380 • CWE-384: Session Fixation •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-4038

https://notcve.org/view.php?id=CVE-2019-4038

04 Feb 2019 — IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. IBM Security Identity Manager 6.0 y 7.0 podría permitir que un atacante cree rutas de flujo de control mediante la aplicación, pudiendo omitir las comprobaciones de seguridad. La explotación de esta vulnerabilidad puede resultar en una form... • https://exchange.xforce.ibmcloud.com/vulnerabilities/156162 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1959

https://notcve.org/view.php?id=CVE-2018-1959

24 Jan 2019 — IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633. La Virtual Appliance de IBM Security Identity Manager 7.0.1 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes e... • http://www.securityfocus.com/bid/106726 • CWE-798: Use of Hard-coded Credentials •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-0351

https://notcve.org/view.php?id=CVE-2016-0351

21 Feb 2018 — IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. IBM Security Identity Manager Virtual Appliance, en versiones 7.0.x anteriores a 7.0.1.3-ISS-SIM-IF0001 no establece la marca secure para la cookie de sesión en una sesión HTTPS. Esto facilita que atacantes r... • http://www-01.ibm.com/support/docview.wss?uid=swg21989198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-0367

https://notcve.org/view.php?id=CVE-2016-0367

21 Feb 2018 — IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072. IBM Security Identity Manager Virtual Appliance, en versiones 7.0.x anteriores a la 7.0.1.3-ISS-SIM-IF0001 permite que usuarios autenticados remotos obtengan información sensible mediante la lectura de un mensaje de error. IBM X-Force ID: 112072. • http://www-01.ibm.com/support/docview.wss?uid=swg21989198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.0EPSS: 4%CPEs: 5EXPL: 0

CVE-2016-0324

https://notcve.org/view.php?id=CVE-2016-0324

12 Jan 2018 — IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que usuarios autenticados remotos ejecuten código arbitrario con privilegios de administrador mediante vectores sin especificar. IBM X-For... • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-0327

https://notcve.org/view.php?id=CVE-2016-0327

12 Jan 2018 — IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que usuarios autenticados remotos ejecuten código arbitrario con privilegios de administrador mediante vectores sin especificar. IBM X-Force ID: 111643. • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-0332

https://notcve.org/view.php?id=CVE-2016-0332

12 Jan 2018 — IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 no restringe correctamente intentos fallidos de inicio de sesión, lo que facilita que atacantes remotos obtengan acceso media... • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 • CWE-254: 7PK - Security Features •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-0335

https://notcve.org/view.php?id=CVE-2016-0335

12 Jan 2018 — Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que atacantes remotos ... • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2