
CVE-2020-4243
https://notcve.org/view.php?id=CVE-2020-4243
05 Aug 2020 — IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175420 • CWE-384: Session Fixation

CVE-2020-4248
https://notcve.org/view.php?id=CVE-2020-4248
28 May 2020 — IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175484 • CWE-209: Generation of Error Message Containing Sensitive Information

CVE-2020-4249
https://notcve.org/view.php?id=CVE-2020-4249
28 May 2020 — IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the system due to incorrect authorization. IBM X-Force ID: 175485. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175485 • CWE-863: Incorrect Authorization

CVE-2020-4246
https://notcve.org/view.php?id=CVE-2020-4246
28 May 2020 — IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175481 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2020-4245
https://notcve.org/view.php?id=CVE-2020-4245
28 May 2020 — IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175423 • CWE-521: Weak Password Requirements

CVE-2020-4244
https://notcve.org/view.php?id=CVE-2020-4244
28 May 2020 — IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175422

CVE-2020-4233
https://notcve.org/view.php?id=CVE-2020-4233
28 May 2020 — IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175360 • CWE-311: Missing Encryption of Sensitive Data

CVE-2020-4232
https://notcve.org/view.php?id=CVE-2020-4232
28 May 2020 — IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175336 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2020-4231
https://notcve.org/view.php?id=CVE-2020-4231
28 May 2020 — IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175335 • CWE-20: Improper Input Validation

CVE-2018-1945
https://notcve.org/view.php?id=CVE-2018-1945
21 Feb 2019 — IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387. • https://exchange.xforce.ibmcloud.com/vulnerabilities/153387 • CWE-20: Improper Input Validation