CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5963
https://notcve.org/view.php?id=CVE-2016-5963
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x en versiones anteriores a 2.0.2 FP8 no valida correctamente actualizaciones, lo que permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/93076 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5957
https://notcve.org/view.php?id=CVE-2016-5957
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm. IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x en versiones anteriores a 2.0.2 FP8 permite a atacantes remotos derrotar los mecanismos de protección criptográficos y obtener información sensible aprovechando un algoritmo débil. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/93083 • CWE-310: Cryptographic Issues •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0339
https://notcve.org/view.php?id=CVE-2016-0339
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.1 en versiones anteriores a 7.0.1-ISS-SIM-FP0003 maneja incorrectamente identificadores de sesión después del cierre de sesión, lo que facilita a atacantes remotos suplantar usuarios aprovechando el conocimiento de "traffic records". • http://www-01.ibm.com/support/docview.wss?uid=swg21985736 http://www.securityfocus.com/bid/91689 http://www.securitytracker.com/id/1036255 • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0340
https://notcve.org/view.php?id=CVE-2016-0340
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.1 en versiones anteriores a 7.0.1-ISS-SIM-FP0003 maneja incorrectamente el vencimiento de sesión, lo que permite a atacantes remotos secuestrar sesiones aprovechando una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21985736 http://www.securityfocus.com/bid/91692 http://www.securitytracker.com/id/1036255 • CWE-284: Improper Access Control •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0330
https://notcve.org/view.php?id=CVE-2016-0330
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.1 en versiones anteriores a 7.0.1-ISS-SIM-FP0003 maneja incorrectamente la creación de contraseñas, lo que facilita a atacantes remotos obtener acceso aprovechando un ataque contra el algoritmo de contraseña. • http://www-01.ibm.com/support/docview.wss?uid=swg21985736 http://www.securitytracker.com/id/1036255 • CWE-255: Credentials Management Errors •