CVE-2021-20494
https://notcve.org/view.php?id=CVE-2021-20494
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882. IBM Security Identity Manager Adapters versiones 6.0 y 7.0, son vulnerables a un desbordamiento de búfer en la región heap de la memoria, causado por una comprobación inapropiada de límites. Un usuario autenticado podría desbordar el búfer y causar el bloqueo del servicio. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197882 https://www.ibm.com/support/pages/node/6465875 • CWE-787: Out-of-bounds Write •
CVE-2021-20488
https://notcve.org/view.php?id=CVE-2021-20488
IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. IBM Security Identity Manager 6.0.2 podría permitir a un usuario malintencionado autentificado cambiar las contraseñas de otros usuarios en el entorno de Windows AD cuando se despliega y configura el complemento de sincronización de contraseñas de Windows de IBM Security Identity Manager. ID de IBM X-Force: 197789 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197789 https://www.ibm.com/support/pages/node/6464081 •
CVE-2021-20483
https://notcve.org/view.php?id=CVE-2021-20483
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. IBM Security Identity Manager versión 6.0.2, es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante remoto autenticado podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197591 https://www.ibm.com/support/pages/node/6464081 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-29692
https://notcve.org/view.php?id=CVE-2021-29692
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253. IBM Security Identity Manager versión 7.0.2, podría permitir a un atacante remoto obtener información confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información confidencial usando técnicas de tipo man in the middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 https://www.ibm.com/support/pages/node/6454587 •
CVE-2021-29691
https://notcve.org/view.php?id=CVE-2021-29691
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252. IBM Security Identity Manager versión 7.0.2, contiene credenciales embebidas, como una contraseña o clave criptográfica, que usa para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IBM X-Force ID: 200252 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200252 https://www.ibm.com/support/pages/node/6454587 • CWE-798: Use of Hard-coded Credentials •