CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1959
https://notcve.org/view.php?id=CVE-2018-1959
IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633. La Virtual Appliance de IBM Security Identity Manager 7.0.1 contiene credenciales embebidas, como una contraseña o una clave criptográfica, que emplea para su propia autenticación entrante, comunicación saliente hacia componentes externos o para cifrar datos internos. IBM X-Force ID: 153633. • http://www.securityfocus.com/bid/106726 https://exchange.xforce.ibmcloud.com/vulnerabilities/153633 https://www.ibm.com/support/docview.wss?uid=ibm10796380 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1405
https://notcve.org/view.php?id=CVE-2017-1405
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392. IBM Security Identity Manager Virtual Appliance 7.0 procesa parches, backups de imágenes y otras actualizaciones sin verificar lo suficiente el origen e integridad del código. IBM X-Force ID: 127392. • http://www.ibm.com/support/docview.wss?uid=swg22013617 https://exchange.xforce.ibmcloud.com/vulnerabilities/127392 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1453
https://notcve.org/view.php?id=CVE-2018-1453
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055. IBM Security Identity Manager Virtual Appliance 7.0 permite que un atacante autenticado suba o transfiera archivos de tipos peligrosos que pueden procesarse automáticamente en el entorno. IBM X-Force ID: 140055. • http://www.ibm.com/support/docview.wss?uid=swg22013617 http://www.securitytracker.com/id/1041383 https://exchange.xforce.ibmcloud.com/vulnerabilities/140055 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0335
https://notcve.org/view.php?id=CVE-2016-0335
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que atacantes remotos secuestren la autenticación de usuarios para peticiones que tienen un impacto sin especificar mediante vectores desconocidos. IBM X-Force ID: 111736. • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 https://exchange.xforce.ibmcloud.com/vulnerabilities/111736 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0336
https://notcve.org/view.php?id=CVE-2016-0336
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que usuarios autenticados remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 111737. • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 https://exchange.xforce.ibmcloud.com/vulnerabilities/111737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •