CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4243
https://notcve.org/view.php?id=CVE-2020-4243
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420. Virtual Appliance de IBM Security Identity Governance and Intelligence versión 5.2.6, podría permitir a un atacante remoto obtener información confidencial usando técnicas de tipo man in the middle debido a que no invalidan apropiadamente los tokens de sesión. IBM X-Force ID: 175420 • https://exchange.xforce.ibmcloud.com/vulnerabilities/175420 https://www.ibm.com/support/pages/node/6255972 • CWE-384: Session Fixation •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4248
https://notcve.org/view.php?id=CVE-2020-4248
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. IBM Security Identity Governance and Intelligence versión 5.2.6, podría permitir a un atacante remoto obtener información confidencial cuando un mensaje de error técnico detallado es devuelto en el navegador. Esta información podría ser usada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175484 https://www.ibm.com/support/pages/node/6207913 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4249
https://notcve.org/view.php?id=CVE-2020-4249
IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485. IBM Security Identity Governance and Intelligence versión 5.2.6, podría revelar información altamente confidencial a otros usuarios autenticados en el sistema debido a una autorización incorrecta. IBM X-Force ID: 175485. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175485 https://www.ibm.com/support/pages/node/6207911 • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4246
https://notcve.org/view.php?id=CVE-2020-4246
IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481. IBM Security Identity Governance and Intelligence versión 5.2.6, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175481 https://www.ibm.com/support/pages/node/6207902 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4245
https://notcve.org/view.php?id=CVE-2020-4245
IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 175423. IBM Security Identity Governance and Intelligence versión 5.2.6, no requiere que los usuarios tengan contraseñas fuertes por defecto, lo que facilita a atacantes comprometer las cuentas de los usuarios. IBM X-Force ID: 175423. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175423 https://www.ibm.com/support/pages/node/6207908 • CWE-521: Weak Password Requirements •