CVE-2014-6109
https://notcve.org/view.php?id=CVE-2014-6109
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que usuarios remotos autenticados omitan las restricciones de acceso planeadas y obtengan información sensible mediante vectores relacionados con consultas LDAP del lado del servidor. IBM X-Force ID: 96173. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2014-6111
https://notcve.org/view.php?id=CVE-2014-6111
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 almacenan credenciales de usuario cifradas y la contraseña del keystore en texto claro en los archivos de configuración, lo que permite que usuarios locales descifren credenciales SIM mediante vectores sin especificar. IBM X-Force ID: 96180. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96180 • CWE-255: Credentials Management Errors •
CVE-2014-6112
https://notcve.org/view.php?id=CVE-2014-6112
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 facilitan que atacantes remotos obtengan información sensible aprovechando el soporte para cifrados SSL débiles. IBM X-Force ID: 96184. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96184 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6108
https://notcve.org/view.php?id=CVE-2014-6108
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. IBM Tivoli Identity Manager, en versiones 5.1.x anteriores a la 5.1.0.15-ISS-TIM-IF0057, y Security Identity Manager, en versiones 6.0.x anteriores a la 6.0.0.4-ISS-SIM-IF0001 y versiones 7.0.x anteriores a la 7.0.0.0-ISS-SIM-IF0003 podrían permitir que atacantes Man-in-the-Middle (MitM) obtengan información sensible aprovechando una conexión no cifrada para las interfaces. IBM X-Force ID: 96172. • http://www-01.ibm.com/support/docview.wss?uid=swg21698020 https://exchange.xforce.ibmcloud.com/vulnerabilities/96172 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-1705
https://notcve.org/view.php?id=CVE-2017-1705
IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427. IBM Security Privileged Identity Manager 2.1.0 contiene información sensible residual en los comentarios de la página. Aunque en un principio esta información no es visible, se puede obtener visualizando el código fuente de la página. • http://www.ibm.com/support/docview.wss?uid=swg22014988 http://www.securityfocus.com/bid/103677 https://exchange.xforce.ibmcloud.com/vulnerabilities/134427 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •