
CVE-2016-3040
https://notcve.org/view.php?id=CVE-2016-3040
26 Sep 2016 — IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. CSRF vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2016-5957
https://notcve.org/view.php?id=CVE-2016-5957
26 Sep 2016 — IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 • CWE-310: Cryptographic Issues

CVE-2016-5963
https://notcve.org/view.php?id=CVE-2016-5963
26 Sep 2016 — IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 • CWE-284: Improper Access Control

CVE-2016-5970
https://notcve.org/view.php?id=CVE-2016-5970
26 Sep 2016 — Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-5971
https://notcve.org/view.php?id=CVE-2016-5971
26 Sep 2016 — IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2016-5972
https://notcve.org/view.php?id=CVE-2016-5972
26 Sep 2016 — IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control

CVE-2016-5974
https://notcve.org/view.php?id=CVE-2016-5974
26 Sep 2016 — Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-0330
https://notcve.org/view.php?id=CVE-2016-0330
15 Jul 2016 — IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm. • http://www-01.ibm.com/support/docview.wss?uid=swg21985736 • CWE-255: Credentials Management Errors

CVE-2016-0338
https://notcve.org/view.php?id=CVE-2016-0338
15 Jul 2016 — IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process. • http://www-01.ibm.com/support/docview.wss?uid=swg21985736 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-0339
https://notcve.org/view.php?id=CVE-2016-0339
15 Jul 2016 — IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." • http://www-01.ibm.com/support/docview.wss?uid=swg21985736 • CWE-284: Improper Access Control