
CVSS: 2.4 | EPSS: 0% | CPEs: 9 | EXPL: 0

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens, which could allow an unauthorized user with physical access to the workstation to obtain sensitive information. • http://www.ibm.com/support/docview.wss?uid=swg21996761 http://www.securityfocus.com/bid/95327 http://www.securitytracker.com/id/1037765 • CWE-384: Session Fixation

CVSS: 6.1 | EPSS: 0% | CPEs: 9 | EXPL: 0

IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • http://www.ibm.com/support/docview.wss?uid=swg21996761 http://www.securityfocus.com/bid/95323 http://www.securitytracker.com/id/1037765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

IBM Security Identity Manager Virtual Appliance stores user credentials in clear text, which can be read by a local user. • http://www.ibm.com/support/docview.wss?uid=swg21996761 http://www.securityfocus.com/bid/95326 http://www.securitytracker.com/id/1037765 • CWE-255: Credentials Management Errors

CVSS: 5.9 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. • http://www.ibm.com/support/docview.wss?uid=swg21996614 http://www.securityfocus.com/bid/95197 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. • http://www.ibm.com/support/docview.wss?uid=swg21994065 http://www.securityfocus.com/bid/94308 • CWE-284: Improper Access Control