CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6107
https://notcve.org/view.php?id=CVE-2014-6107
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos obtener información sensible de cookies capturando el tráfico de red durante una sesión HTTP. • http://secunia.com/advisories/62363 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6110
https://notcve.org/view.php?id=CVE-2014-6110
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 no realiza debidamente las acciones de cierre de sesión, lo que permite a atacantes remotos acceder a sesiones mediante el aprovechamiento de una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496 • CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 0%CPEs: 22EXPL: 0CVE-2014-0961
https://notcve.org/view.php?id=CVE-2014-0961
08 Jun 2014 — Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM Tivoli Identity Manager (ITIM) 5.0 anterior a 5.0.0.15 y 5.1 anterior a 5.1.0.15 y IBM Security Identity Manager (ISIM) 6.0 anterior a 6.0.0.2 permite a usuarios remotos ... • http://secunia.com/advisories/59080 • CWE-352: Cross-Site Request Forgery (CSRF) •