CVE-2018-1622
https://notcve.org/view.php?id=CVE-2018-1622
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348.
• http://www.ibm.com/support/docview.wss?uid=ibm10879093
• https://exchange.xforce.ibmcloud.com/vulnerabilities/144348
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-1618
https://notcve.org/view.php?id=CVE-2018-1618
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.
• http://www.ibm.com/support/docview.wss?uid=ibm10879093
• https://exchange.xforce.ibmcloud.com/vulnerabilities/144343
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1705
https://notcve.org/view.php?id=CVE-2017-1705
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first, it can be obtained by viewing the page source. IBM X-Force ID: 134427.
• http://www.ibm.com/support/docview.wss?uid=swg22014988
• http://www.securityfocus.com/bid/103677
• https://exchange.xforce.ibmcloud.com/vulnerabilities/134427
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0366
https://notcve.org/view.php?id=CVE-2016-0366
IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071.
• http://www-01.ibm.com/support/docview.wss?uid=swg21986260
• https://exchange.xforce.ibmcloud.com/vulnerabilities/112071
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1407
https://notcve.org/view.php?id=CVE-2017-1407
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.
• http://www.ibm.com/support/docview.wss?uid=swg22007377
• http://www.securityfocus.com/bid/101015
• https://exchange.xforce.ibmcloud.com/vulnerabilities/127394
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')