
CVE-2014-6108
https://notcve.org/view.php?id=CVE-2014-6108
20 Apr 2018 — IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-6109
https://notcve.org/view.php?id=CVE-2014-6109
20 Apr 2018 — IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control

CVE-2014-6111
https://notcve.org/view.php?id=CVE-2014-6111
20 Apr 2018 — IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 • CWE-255: Credentials Management Errors

CVE-2014-6112
https://notcve.org/view.php?id=CVE-2014-6112
20 Apr 2018 — IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-1443
https://notcve.org/view.php?id=CVE-2018-1443
08 Mar 2018 — An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2). This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user's password. IBM X-Force ID: 139754. • http://www.ibm.com/support/docview.wss?uid=swg22014160 • CWE-287: Improper Authentication

CVE-2017-1319
https://notcve.org/view.php?id=CVE-2017-1319
08 Jun 2017 — IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in the encrypted session (SSL) cookie. IBM X-Force ID: 125731. • http://www-01.ibm.com/support/docview.wss?uid=swg22002871 • CWE-326: Inadequate Encryption Strength

CVE-2017-1320
https://notcve.org/view.php?id=CVE-2017-1320
22 May 2017 — IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732. • http://www.ibm.com/support/docview.wss?uid=swg22002877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-4959
https://notcve.org/view.php?id=CVE-2015-4959
18 Jan 2016 — Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV77558 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-1966
https://notcve.org/view.php?id=CVE-2015-1966
04 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV74198 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8923
https://notcve.org/view.php?id=CVE-2014-8923
25 Mar 2015 — The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file. • http://www-01.ibm.com/support/docview.wss?uid=swg21699902 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor