CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0340
https://notcve.org/view.php?id=CVE-2016-0340
15 Jul 2016 — IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.1 en versiones anteriores a 7.0.1-ISS-SIM-FP0003 maneja incorrectamente el vencimiento de sesión, lo que permite a atacantes remotos secuestrar sesiones aprovechando una estación de trabajo desatend... • http://www-01.ibm.com/support/docview.wss?uid=swg21985736 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0357
https://notcve.org/view.php?id=CVE-2016-0357
15 Jul 2016 — IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 hasta la versión 7.0.1.1 en versiones anteriores a 7.0.1-ISS-SIM-FP0003 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de un sitio web manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21985736 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8923
https://notcve.org/view.php?id=CVE-2014-8923
25 Mar 2015 — The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file. El adaptador (1) IBM Tivoli Identity Manager Active Directory en versiones anteriores a 5.1.24 y el adaptador (2) IBM Security Ide... • http://www-01.ibm.com/support/docview.wss?uid=swg21699902 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6168
https://notcve.org/view.php?id=CVE-2014-6168
29 Dec 2014 — Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad CSRF en IBM Security Identity Manager 5.1 anterior a 5.1.0.15 IF0056 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para peticiones que insertan secuencias XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21692907 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6095
https://notcve.org/view.php?id=CVE-2014-6095
18 Nov 2014 — Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62363 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6096
https://notcve.org/view.php?id=CVE-2014-6096
18 Nov 2014 — Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad de XSS en IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF4 permite a atacantes remotos inyectar secuencias de comkandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/62363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6098
https://notcve.org/view.php?id=CVE-2014-6098
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos descubrir credenciales en texto claro a través de una petición manipulada. • http://secunia.com/advisories/62363 • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6105
https://notcve.org/view.php?id=CVE-2014-6105
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://secunia.com/advisories/62363 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6107
https://notcve.org/view.php?id=CVE-2014-6107
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos obtener información sensible de cookies capturando el tráfico de red durante una sesión HTTP. • http://secunia.com/advisories/62363 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6110
https://notcve.org/view.php?id=CVE-2014-6110
18 Nov 2014 — IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 no realiza debidamente las acciones de cierre de sesión, lo que permite a atacantes remotos acceder a sesiones mediante el aprovechamiento de una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496 • CWE-284: Improper Access Control •