CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1956
https://notcve.org/view.php?id=CVE-2018-1956
IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628. La versión 6.0.0 de IBM Security Identity Manager no requiere que los usuarios tengan contraseñas fuertes por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 153628. • http://www.securityfocus.com/bid/106554 https://exchange.xforce.ibmcloud.com/vulnerabilities/153628 https://www.ibm.com/support/docview.wss?uid=ibm10794615 • CWE-521: Weak Password Requirements •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1969
https://notcve.org/view.php?id=CVE-2018-1969
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750. La versión 6.0.0 de IBM Security Identity Manager permite que un atacante autenticado suba o transfiera archivos de tipos peligrosos que pueden procesarse automáticamente en el entorno del producto. IBM X-Force ID: 153750. • http://www.securityfocus.com/bid/106554 https://exchange.xforce.ibmcloud.com/vulnerabilities/153750 https://www.ibm.com/support/docview.wss?uid=ibm10794615 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6109
https://notcve.org/view.php?id=CVE-2014-6109
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que usuarios remotos autenticados omitan las restricciones de acceso planeadas y obtengan información sensible mediante vectores relacionados con consultas LDAP del lado del servidor. IBM X-Force ID: 96173. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6111
https://notcve.org/view.php?id=CVE-2014-6111
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 almacenan credenciales de usuario cifradas y la contraseña del keystore en texto claro en los archivos de configuración, lo que permite que usuarios locales descifren credenciales SIM mediante vectores sin especificar. IBM X-Force ID: 96180. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96180 • CWE-255: Credentials Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6112
https://notcve.org/view.php?id=CVE-2014-6112
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 facilitan que atacantes remotos obtengan información sensible aprovechando el soporte para cifrados SSL débiles. IBM X-Force ID: 96184. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •