CVE-2019-4038
https://notcve.org/view.php?id=CVE-2019-4038
IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162. IBM Security Identity Manager 6.0 y 7.0 podría permitir que un atacante cree rutas de flujo de control mediante la aplicación, pudiendo omitir las comprobaciones de seguridad. La explotación de esta vulnerabilidad puede resultar en una forma limitada de inyección de código. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156162 https://www.ibm.com/support/docview.wss?uid=ibm10869604 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2017-1405
https://notcve.org/view.php?id=CVE-2017-1405
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392. IBM Security Identity Manager Virtual Appliance 7.0 procesa parches, backups de imágenes y otras actualizaciones sin verificar lo suficiente el origen e integridad del código. IBM X-Force ID: 127392. • http://www.ibm.com/support/docview.wss?uid=swg22013617 https://exchange.xforce.ibmcloud.com/vulnerabilities/127392 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2018-1453
https://notcve.org/view.php?id=CVE-2018-1453
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055. IBM Security Identity Manager Virtual Appliance 7.0 permite que un atacante autenticado suba o transfiera archivos de tipos peligrosos que pueden procesarse automáticamente en el entorno. IBM X-Force ID: 140055. • http://www.ibm.com/support/docview.wss?uid=swg22013617 http://www.securitytracker.com/id/1041383 https://exchange.xforce.ibmcloud.com/vulnerabilities/140055 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2016-0351
https://notcve.org/view.php?id=CVE-2016-0351
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. IBM Security Identity Manager Virtual Appliance, en versiones 7.0.x anteriores a 7.0.1.3-ISS-SIM-IF0001 no establece la marca secure para la cookie de sesión en una sesión HTTPS. Esto facilita que atacantes remotos capturen esta cookie interceptando su transmisión en una sesión HTTP. IBM X-Force ID: 111890. • http://www-01.ibm.com/support/docview.wss?uid=swg21989198 https://exchange.xforce.ibmcloud.com/vulnerabilities/111890 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-0367
https://notcve.org/view.php?id=CVE-2016-0367
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072. IBM Security Identity Manager Virtual Appliance, en versiones 7.0.x anteriores a la 7.0.1.3-ISS-SIM-IF0001 permite que usuarios autenticados remotos obtengan información sensible mediante la lectura de un mensaje de error. IBM X-Force ID: 112072. • http://www-01.ibm.com/support/docview.wss?uid=swg21989198 https://exchange.xforce.ibmcloud.com/vulnerabilities/112072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •