CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0336
https://notcve.org/view.php?id=CVE-2016-0336
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que usuarios autenticados remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 111737. • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 https://exchange.xforce.ibmcloud.com/vulnerabilities/111737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0324
https://notcve.org/view.php?id=CVE-2016-0324
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que usuarios autenticados remotos ejecuten código arbitrario con privilegios de administrador mediante vectores sin especificar. IBM X-Force ID: 111640. • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 https://exchange.xforce.ibmcloud.com/vulnerabilities/111640 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0327
https://notcve.org/view.php?id=CVE-2016-0327
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que usuarios autenticados remotos ejecuten código arbitrario con privilegios de administrador mediante vectores sin especificar. IBM X-Force ID: 111643. • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 https://exchange.xforce.ibmcloud.com/vulnerabilities/111643 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0335
https://notcve.org/view.php?id=CVE-2016-0335
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 permite que atacantes remotos secuestren la autenticación de usuarios para peticiones que tienen un impacto sin especificar mediante vectores desconocidos. IBM X-Force ID: 111736. • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 https://exchange.xforce.ibmcloud.com/vulnerabilities/111736 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0332
https://notcve.org/view.php?id=CVE-2016-0332
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.0 anterior a 7.0.1-ISS-SIM-FP0001 no restringe correctamente intentos fallidos de inicio de sesión, lo que facilita que atacantes remotos obtengan acceso mediante el uso de fuerza bruta. IBM X-Force ID: 111695. • http://www-01.ibm.com/support/docview.wss?uid=swg21981438 https://exchange.xforce.ibmcloud.com/vulnerabilities/111695 • CWE-254: 7PK - Security Features •