
CVE-2019-4674
https://notcve.org/view.php?id=CVE-2019-4674
04 Feb 2020 — IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171510 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-4451
https://notcve.org/view.php?id=CVE-2019-4451
04 Feb 2020 — IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-4561
https://notcve.org/view.php?id=CVE-2019-4561
20 Nov 2019 — IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166456 • CWE-502: Deserialization of Untrusted Data

CVE-2018-1968
https://notcve.org/view.php?id=CVE-2018-1968
11 Jul 2019 — IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749. • http://www.ibm.com/support/docview.wss?uid=ibm10958077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-1680
https://notcve.org/view.php?id=CVE-2018-1680
02 Apr 2019 — IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236. • http://www.ibm.com/support/docview.wss?uid=ibm10879093 • CWE-521: Weak Password Requirements

CVE-2018-1640
https://notcve.org/view.php?id=CVE-2018-1640
02 Apr 2019 — IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580. • http://www.ibm.com/support/docview.wss?uid=ibm10879093 • CWE-20: Improper Input Validation

CVE-2018-1626
https://notcve.org/view.php?id=CVE-2018-1626
02 Apr 2019 — IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411. • http://www.ibm.com/support/docview.wss?uid=ibm10879093 • CWE-384: Session Fixation

CVE-2018-1625
https://notcve.org/view.php?id=CVE-2018-1625
02 Apr 2019 — IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410. • http://www.ibm.com/support/docview.wss?uid=ibm10879093 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-1623
https://notcve.org/view.php?id=CVE-2018-1623
02 Apr 2019 — IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. • http://www.ibm.com/support/docview.wss?uid=ibm10879093 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2018-1622
https://notcve.org/view.php?id=CVE-2018-1622
02 Apr 2019 — IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348. • http://www.ibm.com/support/docview.wss?uid=ibm10879093 • CWE-352: Cross-Site Request Forgery (CSRF)