CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6096
https://notcve.org/view.php?id=CVE-2014-6096
18 Nov 2014 — Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad de XSS en IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF4 permite a atacantes remotos inyectar secuencias de comkandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/62363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6098
https://notcve.org/view.php?id=CVE-2014-6098
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos descubrir credenciales en texto claro a través de una petición manipulada. • http://secunia.com/advisories/62363 • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6105
https://notcve.org/view.php?id=CVE-2014-6105
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://secunia.com/advisories/62363 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6107
https://notcve.org/view.php?id=CVE-2014-6107
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos obtener información sensible de cookies capturando el tráfico de red durante una sesión HTTP. • http://secunia.com/advisories/62363 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6110
https://notcve.org/view.php?id=CVE-2014-6110
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 no realiza debidamente las acciones de cierre de sesión, lo que permite a atacantes remotos acceder a sesiones mediante el aprovechamiento de una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496 • CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 0%CPEs: 22EXPL: 0CVE-2014-0961
https://notcve.org/view.php?id=CVE-2014-0961
08 Jun 2014 — Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM Tivoli Identity Manager (ITIM) 5.0 anterior a 5.0.0.15 y 5.1 anterior a 5.1.0.15 y IBM Security Identity Manager (ISIM) 6.0 anterior a 6.0.0.2 permite a usuarios remotos ... • http://secunia.com/advisories/59080 • CWE-352: Cross-Site Request Forgery (CSRF) •