CVE-2018-1969
https://notcve.org/view.php?id=CVE-2018-1969
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750. La versión 6.0.0 de IBM Security Identity Manager permite que un atacante autenticado suba o transfiera archivos de tipos peligrosos que pueden procesarse automáticamente en el entorno del producto. IBM X-Force ID: 153750. • http://www.securityfocus.com/bid/106554 https://exchange.xforce.ibmcloud.com/vulnerabilities/153750 https://www.ibm.com/support/docview.wss?uid=ibm10794615 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2014-6109
https://notcve.org/view.php?id=CVE-2014-6109
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que usuarios remotos autenticados omitan las restricciones de acceso planeadas y obtengan información sensible mediante vectores relacionados con consultas LDAP del lado del servidor. IBM X-Force ID: 96173. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2014-6111
https://notcve.org/view.php?id=CVE-2014-6111
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 almacenan credenciales de usuario cifradas y la contraseña del keystore en texto claro en los archivos de configuración, lo que permite que usuarios locales descifren credenciales SIM mediante vectores sin especificar. IBM X-Force ID: 96180. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96180 • CWE-255: Credentials Management Errors •
CVE-2014-6112
https://notcve.org/view.php?id=CVE-2014-6112
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 facilitan que atacantes remotos obtengan información sensible aprovechando el soporte para cifrados SSL débiles. IBM X-Force ID: 96184. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6108
https://notcve.org/view.php?id=CVE-2014-6108
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que atacantes Man-in-the-Middle (MitM) obtengan información sensible aprovechando una conexión no cifrada para las interfaces. IBM X-Force ID: 96172. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96172 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •