CVSS: 2.4EPSS: 0%CPEs: 9EXPL: 0CVE-2016-9703
https://notcve.org/view.php?id=CVE-2016-9703
01 Feb 2017 — IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. IBM Security Identity Manager Virtual Appliance no invalida los tokens de sesión que podrían permitir que un usuario no autorizado con acceso físico a la estación de trabajo obtenga información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21996761 • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2016-9704
https://notcve.org/view.php?id=CVE-2016-9704
01 Feb 2017 — IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Identity Manager Virtual Appliance es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalida... • http://www.ibm.com/support/docview.wss?uid=swg21996761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-9739
https://notcve.org/view.php?id=CVE-2016-9739
01 Feb 2017 — IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. El Dispositivo virtual de IBM Security Identity Manager almacena las credenciales de usuario en un texto plano que puede ser leído por un usuario local. • http://www.ibm.com/support/docview.wss?uid=swg21996761 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5958
https://notcve.org/view.php?id=CVE-2016-5958
01 Feb 2017 — IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Security Privileged Identity Manager podrían permitir a un atacante remoto obtener información sensible, provocada por la falta para establecer el indicador seguro p... • http://www.ibm.com/support/docview.wss?uid=swg21996614 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5964
https://notcve.org/view.php?id=CVE-2016-5964
01 Feb 2017 — IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM Security Privileged Identity Manager Virtual Appliance versión 2.0.2 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto para credenciasles de cuenta por fuerza bruta. • http://www.ibm.com/support/docview.wss?uid=swg21994065 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5966
https://notcve.org/view.php?id=CVE-2016-5966
01 Feb 2017 — IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Security Privileged Identity Manager Virtual Appliance podría permitir a un atacante remoto obtener información sensible, causada por el error para habilitar correctamente HTTP Strict Transport Securi... • http://www.ibm.com/support/docview.wss?uid=swg21996614 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5988
https://notcve.org/view.php?id=CVE-2016-5988
01 Feb 2017 — IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. IBM Security Privileged Identity Manager Virtual Appliance podría revelar información sensible en mensajes de error generados que estarían disponibles para un usuario autenticado. • http://www.ibm.com/support/docview.wss?uid=swg21996614 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5990
https://notcve.org/view.php?id=CVE-2016-5990
01 Feb 2017 — IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. IBM Security Privileged Identity Manager Virtual Appliance permite a un usuario autenticado cargar archivos maliciosos que serían ejecutados automáticamente por el servidor. • http://www.ibm.com/support/docview.wss?uid=swg21996614 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2996
https://notcve.org/view.php?id=CVE-2016-2996
24 Nov 2016 — IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. IBM Security Privileged Identity Manager 2.0 en versiones anteriores a 2.0.2 FP8, cuando se utiliza Virtual Appliance, permite a usuarios remotos autenticados añadir archivos arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21988706 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0353
https://notcve.org/view.php?id=CVE-2016-0353
24 Nov 2016 — IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. IBM Security Privileged Identity Manager 2.0 en versiones anteriores a 2.0.2 FP8, cuando se utiliza Virtual Appliance, no establece el indicador seguro para la cookie de sesión en una sesión https, lo que facilita a ataca... • http://www-01.ibm.com/support/docview.wss?uid=swg21988706 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •