CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1969
https://notcve.org/view.php?id=CVE-2018-1969
14 Jan 2019 — IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750. La versión 6.0.0 de IBM Security Identity Manager permite que un atacante autenticado suba o transfiera archivos de tipos peligrosos que pueden procesarse automáticamente en el entorno del producto. IBM X-Force ID: 153750. • http://www.securityfocus.com/bid/106554 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6108
https://notcve.org/view.php?id=CVE-2014-6108
20 Apr 2018 — IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.... • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6109
https://notcve.org/view.php?id=CVE-2014-6109
20 Apr 2018 — IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS... • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6111
https://notcve.org/view.php?id=CVE-2014-6111
20 Apr 2018 — IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anterior... • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 • CWE-255: Credentials Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6112
https://notcve.org/view.php?id=CVE-2014-6112
20 Apr 2018 — IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a... • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1483
https://notcve.org/view.php?id=CVE-2017-1483
27 Sep 2017 — IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621. IBM Security Identity Manager Adapters 6.0 y 7.0 no realizan chequeos de autenticación para un recurso o funcionalidad críticos, permitiendo que los usuarios anónimos accedan a áreas protegidas. IBM X-Force ID: 128621. • http://www.ibm.com/support/docview.wss?uid=swg22007375 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 3%CPEs: 7EXPL: 0CVE-2017-1407
https://notcve.org/view.php?id=CVE-2017-1407
27 Sep 2017 — IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394. IBM Security Identity Manager Virtual Appliance en sus versiones 6.0 y 7.0 podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. Mediante el envío de una petición espec... • http://www.ibm.com/support/docview.wss?uid=swg22007377 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1362
https://notcve.org/view.php?id=CVE-2017-1362
25 Sep 2017 — IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801. IBM Security Identity Manager Adapters 6.0 y 7.0 almacena las credenciales de usuario en texto plano, por lo que podrían ser leídos por un usuario local. IBM X-Force ID: 126801. • http://www.ibm.com/support/docview.wss?uid=swg22007381 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2014-6106
https://notcve.org/view.php?id=CVE-2014-6106
18 Sep 2017 — Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. Existe una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en las versiones 5.1, 6.0 y 7.0 de IBM Security Identity Manager que permite que atacantes remotos secuestren la autenticación de usuarios para peticiones... • http://www.securityfocus.com/bid/73167 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6095
https://notcve.org/view.php?id=CVE-2014-6095
18 Nov 2014 — Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62363 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •