
CVE-2021-29688
https://notcve.org/view.php?id=CVE-2021-29688
20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200102 • CWE-209: Generation of Error Message Containing Sensitive Information

CVE-2018-1962
https://notcve.org/view.php?id=CVE-2018-1962
04 Feb 2019 — IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to log in to a closed browser session. IBM X-Force ID: 153658. • http://www.ibm.com/support/docview.wss?uid=ibm10796380 • CWE-384: Session Fixation

CVE-2019-4038
https://notcve.org/view.php?id=CVE-2019-4038
04 Feb 2019 — IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156162 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2018-1959
https://notcve.org/view.php?id=CVE-2018-1959
24 Jan 2019 — IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633. • http://www.securityfocus.com/bid/106726 • CWE-798: Use of Hard-coded Credentials

CVE-2016-0351
https://notcve.org/view.php?id=CVE-2016-0351
21 Feb 2018 — IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. • http://www-01.ibm.com/support/docview.wss?uid=swg21989198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-0367
https://notcve.org/view.php?id=CVE-2016-0367
21 Feb 2018 — IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072. • http://www-01.ibm.com/support/docview.wss?uid=swg21989198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-9703
https://notcve.org/view.php?id=CVE-2016-9703
01 Feb 2017 — IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. • http://www.ibm.com/support/docview.wss?uid=swg21996761 • CWE-384: Session Fixation

CVE-2016-9704
https://notcve.org/view.php?id=CVE-2016-9704
01 Feb 2017 — IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • http://www.ibm.com/support/docview.wss?uid=swg21996761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-9739
https://notcve.org/view.php?id=CVE-2016-9739
01 Feb 2017 — IBM Security Identity Manager Virtual Appliance stores user credentials in clear text which can be read by a local user. • http://www.ibm.com/support/docview.wss?uid=swg21996761 • CWE-255: Credentials Management Errors