CVE-2019-4038
https://notcve.org/view.php?id=CVE-2019-4038
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. IBM Security Identity Manager 6.0 y 7.0 podría permitir que un atacante cree rutas de flujo de control mediante la aplicación, pudiendo omitir las comprobaciones de seguridad. La explotación de esta vulnerabilidad puede resultar en una forma limitada de inyección de código. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156162 https://www.ibm.com/support/docview.wss?uid=ibm10869604 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-6109
https://notcve.org/view.php?id=CVE-2014-6109
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que usuarios remotos autenticados omitan las restricciones de acceso planeadas y obtengan información sensible mediante vectores relacionados con consultas LDAP del lado del servidor. IBM X-Force ID: 96173. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2014-6111
https://notcve.org/view.php?id=CVE-2014-6111
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 almacenan credenciales de usuario cifradas y la contraseña del keystore en texto claro en los archivos de configuración, lo que permite que usuarios locales descifren credenciales SIM mediante vectores sin especificar. IBM X-Force ID: 96180. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96180 • CWE-255: Credentials Management Errors •
CVE-2014-6112
https://notcve.org/view.php?id=CVE-2014-6112
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 facilitan que atacantes remotos obtengan información sensible aprovechando el soporte para cifrados SSL débiles. IBM X-Force ID: 96184. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6108
https://notcve.org/view.php?id=CVE-2014-6108
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que atacantes Man-in-the-Middle (MitM) obtengan información sensible aprovechando una conexión no cifrada para las interfaces. IBM X-Force ID: 96172. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96172 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •