CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1967
https://notcve.org/view.php?id=CVE-2018-1967
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748. La versión 6.0.0 de IBM Security Identity Manager es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/106554 https://exchange.xforce.ibmcloud.com/vulnerabilities/153748 https://www.ibm.com/support/docview.wss?uid=ibm10794615 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1969
https://notcve.org/view.php?id=CVE-2018-1969
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750. La versión 6.0.0 de IBM Security Identity Manager permite que un atacante autenticado suba o transfiera archivos de tipos peligrosos que pueden procesarse automáticamente en el entorno del producto. IBM X-Force ID: 153750. • http://www.securityfocus.com/bid/106554 https://exchange.xforce.ibmcloud.com/vulnerabilities/153750 https://www.ibm.com/support/docview.wss?uid=ibm10794615 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6112
https://notcve.org/view.php?id=CVE-2014-6112
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 facilitan que atacantes remotos obtengan información sensible aprovechando el soporte para cifrados SSL débiles. IBM X-Force ID: 96184. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6108
https://notcve.org/view.php?id=CVE-2014-6108
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que atacantes Man-in-the-Middle (MitM) obtengan información sensible aprovechando una conexión no cifrada para las interfaces. IBM X-Force ID: 96172. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96172 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6109
https://notcve.org/view.php?id=CVE-2014-6109
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que usuarios remotos autenticados omitan las restricciones de acceso planeadas y obtengan información sensible mediante vectores relacionados con consultas LDAP del lado del servidor. IBM X-Force ID: 96173. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •