CVE-2016-9703
https://notcve.org/view.php?id=CVE-2016-9703
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens, which could allow an unauthorized user with physical access to the workstation to obtain sensitive information.
• http://www.ibm.com/support/docview.wss?uid=swg21996761 http://www.securityfocus.com/bid/95327 http://www.securitytracker.com/id/1037765
• CWE-384: Session Fixation
CVE-2016-9704
https://notcve.org/view.php?id=CVE-2016-9704
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
• http://www.ibm.com/support/docview.wss?uid=swg21996761 http://www.securityfocus.com/bid/95323 http://www.securitytracker.com/id/1037765
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3040
https://notcve.org/view.php?id=CVE-2016-3040
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. CSRF vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.
• http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/92986
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-5971
https://notcve.org/view.php?id=CVE-2016-5971
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
• http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/93081
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2016-5970
https://notcve.org/view.php?id=CVE-2016-5970
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/93080
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor