CVE-2014-6105
https://notcve.org/view.php?id=CVE-2014-6105
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://secunia.com/advisories/62363 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •
CVE-2014-6096
https://notcve.org/view.php?id=CVE-2014-6096
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad de XSS en IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF4 permite a atacantes remotos inyectar secuencias de comkandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/62363 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637 http://www-01.ibm.com/support/docview.wss? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-6107
https://notcve.org/view.php?id=CVE-2014-6107
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos obtener información sensible de cookies capturando el tráfico de red durante una sesión HTTP. • http://secunia.com/advisories/62363 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637 http://www-01.ibm.com/support/docview.wss? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6095
https://notcve.org/view.php?id=CVE-2014-6095
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62363 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637 http://www-01.ibm.com/support/docview.wss? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-6110
https://notcve.org/view.php?id=CVE-2014-6110
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 no realiza debidamente las acciones de cierre de sesión, lo que permite a atacantes remotos acceder a sesiones mediante el aprovechamiento de una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637 http://www-01.ibm.com/support/docview.wss? • CWE-284: Improper Access Control •