CVE-2019-4706
https://notcve.org/view.php?id=CVE-2019-4706
IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. IBM Security Identity Manager Virtual Appliance versión 7.0.2, escribe información en los archivos de registro que pueden ser de naturaleza confidencial y brindan una valiosa orientación a un atacante o exponen información confidencial del usuario. IBM X-Force ID: 172016 • https://exchange.xforce.ibmcloud.com/vulnerabilities/172016 https://www.ibm.com/support/pages/node/6242348 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2019-4705
https://notcve.org/view.php?id=CVE-2019-4705
IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. IBM Security Identity Manager Virtual Appliance versión 7.0.2, revela información confidencial a usuarios no autorizados. La información puede ser usada para montar nuevos ataques sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172015 https://www.ibm.com/support/pages/node/6242348 •
CVE-2019-4704
https://notcve.org/view.php?id=CVE-2019-4704
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014. IBM Security Identity Manager Virtual Appliance versión 7.0.2, no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172014 https://www.ibm.com/support/pages/node/6242348 • CWE-311: Missing Encryption of Sensitive Data •
CVE-2019-4676
https://notcve.org/view.php?id=CVE-2019-4676
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. IBM Security Identity Manager Virtual Appliance, versión 7.0.2 almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 171512 • https://exchange.xforce.ibmcloud.com/vulnerabilities/171512 https://www.ibm.com/support/pages/node/6242348 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2019-4675
https://notcve.org/view.php?id=CVE-2019-4675
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511. IBM Security Identity Manager versión 7.0.1, contiene credenciales embebidas, tales como una contraseña o clave criptográfica, que la utiliza para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. ID de IBM X-Force: 171511. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171511 https://www.ibm.com/support/pages/node/1288714 • CWE-798: Use of Hard-coded Credentials •