CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2009-2583
https://notcve.org/view.php?id=CVE-2009-2583
23 Jul 2009 — Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces. Múltiples vulnerabilidades de fijación de sesión en IBM Tivoli Identity Manager (ITIM) v5.0.0.6 permite a atacantes remotos secuestrar sesiones web mediante vectores no definidos relacionados con (1)la consola y (2) la interfaz de servicio. • http://secunia.com/advisories/35931 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2316
https://notcve.org/view.php?id=CVE-2009-2316
05 Jul 2009 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Tivoli Identity Manager (ITIM) v5.0, permiten a atacantes remotos inyectar secuencias de comando... • http://osvdb.org/55550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6607
https://notcve.org/view.php?id=CVE-2006-6607
18 Dec 2006 — The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. El Java Key Store (JKS) para WebSphere Application Server (WAS) para IBM Tivoli Identity Manager (ITIM) 4.6 pone la contraseña JKS en una linea de comando -Djavax.net.ssl.trustStorePassword, lo cual permite a un usuario loc... • http://secunia.com/advisories/23359 •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2004-2558
https://notcve.org/view.php?id=CVE-2004-2558
31 Dec 2004 — Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack." • http://secunia.com/advisories/11761 •