19 results (0.005 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. IBM Security Identity Manager Virtual Appliance versión 7.0.2, escribe información en los archivos de registro que pueden ser de naturaleza confidencial y brindan una valiosa orientación a un atacante o exponen información confidencial del usuario. IBM X-Force ID: 172016 • https://exchange.xforce.ibmcloud.com/vulnerabilities/172016 https://www.ibm.com/support/pages/node/6242348 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. IBM Security Identity Manager Virtual Appliance versión 7.0.2, revela información confidencial a usuarios no autorizados. La información puede ser usada para montar nuevos ataques sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172015 https://www.ibm.com/support/pages/node/6242348 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014. IBM Security Identity Manager Virtual Appliance versión 7.0.2, no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172014 https://www.ibm.com/support/pages/node/6242348 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. IBM Security Identity Manager Virtual Appliance, versión 7.0.2 almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 171512 • https://exchange.xforce.ibmcloud.com/vulnerabilities/171512 https://www.ibm.com/support/pages/node/6242348 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749. Security Identity Manager versión 7.0.1 de IBM, revela información confidencial a usuarios no autorizados. La información puede ser utilizada para montar nuevos ataques sobre el sistema. • http://www.ibm.com/support/docview.wss?uid=ibm10958077 https://exchange.xforce.ibmcloud.com/vulnerabilities/153749 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •