CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1622
https://notcve.org/view.php?id=CVE-2018-1622
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348. IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 es vulnerable a ataques de Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas enviadas de un usuario en el que la página web confía. IBM X-Force ID: 144348. • http://www.ibm.com/support/docview.wss?uid=ibm10879093 https://exchange.xforce.ibmcloud.com/vulnerabilities/144348 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1618
https://notcve.org/view.php?id=CVE-2018-1618
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343. IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 podría permitir que un atacante remoto realice saltos de directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga secuencias "punto punto" (/../) para visualizar archivos arbitrarios en el sistema. • http://www.ibm.com/support/docview.wss?uid=ibm10879093 https://exchange.xforce.ibmcloud.com/vulnerabilities/144343 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •