Page 4 of 91 results (0.007 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. IBM Security Identity Manager Virtual Appliance versión 7.0.2, escribe información en los archivos de registro que pueden ser de naturaleza confidencial y brindan una valiosa orientación a un atacante o exponen información confidencial del usuario. IBM X-Force ID: 172016 • https://exchange.xforce.ibmcloud.com/vulnerabilities/172016 https://www.ibm.com/support/pages/node/6242348 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. IBM Security Identity Manager Virtual Appliance versión 7.0.2, revela información confidencial a usuarios no autorizados. La información puede ser usada para montar nuevos ataques sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172015 https://www.ibm.com/support/pages/node/6242348 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014. IBM Security Identity Manager Virtual Appliance versión 7.0.2, no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172014 https://www.ibm.com/support/pages/node/6242348 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. IBM Security Identity Manager Virtual Appliance, versión 7.0.2 almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 171512 • https://exchange.xforce.ibmcloud.com/vulnerabilities/171512 https://www.ibm.com/support/pages/node/6242348 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511. IBM Security Identity Manager versión 7.0.1, contiene credenciales embebidas, tales como una contraseña o clave criptográfica, que la utiliza para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. ID de IBM X-Force: 171511. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171511 https://www.ibm.com/support/pages/node/1288714 • CWE-798: Use of Hard-coded Credentials •