CVE-2009-2583
https://notcve.org/view.php?id=CVE-2009-2583
Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
• http://secunia.com/advisories/35931
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659
• http://www-01.ibm.com/support/docview.wss?uid=swg24023826
• http://www.securityfocus.com/bid/35779
• http://www.securitytracker.com/id?1022597
• http://www.vupen.com/english/advisories/2009/1990
• CWE-20: Improper Input Validation
CVE-2009-2316
https://notcve.org/view.php?id=CVE-2009-2316
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
• http://osvdb.org/55550
• http://osvdb.org/55551
• http://secunia.com/advisories/35696
• http://secunia.com/advisories/36119
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518
• http://www-01.ibm.com/support/docview.wss?uid=swg24023640
• http://www-01.ibm.com/support/docview.wss?
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-6607
https://notcve.org/view.php?id=CVE-2006-6607
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
• http://secunia.com/advisories/23359
• http://securitytracker.com/id?1017380
• http://www-1.ibm.com/support/docview.wss?uid=swg21251069
• http://www.securityfocus.com/bid/21570
• http://www.vupen.com/english/advisories/2006/4989
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30865
CVE-2004-2558
https://notcve.org/view.php?id=CVE-2004-2558
Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allows remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."
• http://secunia.com/advisories/11761
• http://www-1.ibm.com/support/docview.wss?uid=swg21168762
• http://www.securityfocus.com/bid/10449
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16315