CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4957
https://notcve.org/view.php?id=CVE-2020-4957
17 May 2022 — IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208. IBM Security Identity Governance and Intelligence versión 5.2.6, podría divulgar información confidencial en parámetros de URL que podrían ayudar en futuros ataques contra el sistema. IBM X-Force ID: 192208 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192208 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4996
https://notcve.org/view.php?id=CVE-2020-4996
09 Feb 2021 — IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913. IBM Security Identity Governance and Intelligence versión 5.2.6, podría permitir a un usuario local obtener información confidencial mediante la captura de screenshots de las credenciales de autenticación. IBM X-Force ID: 192913 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192913 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4995
https://notcve.org/view.php?id=CVE-2020-4995
09 Feb 2021 — IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 192912. IBM Security Identity Governance and Intelligence versión 5.2.6, no invalida la sesión después del cierre de sesión, lo que podría permitir a un usuario obtener información confidencial de la sesión de otro usuario. IBM X-Force ID: 192912 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192912 • CWE-613: Insufficient Session Expiration •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4795
https://notcve.org/view.php?id=CVE-2020-4795
09 Feb 2021 — IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446. IBM Security Identity Governance and Intelligence versión 5.2.6, podría revelar información confidencial a un usuario no autorizado mediante una petición HTTP especialmente diseñada. IBM X-Force ID: 189446 • https://exchange.xforce.ibmcloud.com/vulnerabilities/189446 •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4791
https://notcve.org/view.php?id=CVE-2020-4791
09 Feb 2021 — IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379. IBM Security Identity Governance and Intelligence versión 5.2.6, podría permitir a un atacante obtener información confidencial utilizando ataques de tipo man in the middle debido a una comprobación inapropiada del certificado. IBM X-Force ID: 189379 • https://exchange.xforce.ibmcloud.com/vulnerabilities/189379 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4790
https://notcve.org/view.php?id=CVE-2020-4790
09 Feb 2021 — IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375. IBM Security Identity Governance and Intelligence versión 5.2.6, podría permitir a un usuario causar una denegación de servicio debido a una comprobación inapropiada de una URL suministrada, haciendo que la aplicación no se pueda utilizar. IBM X-Force ID: 189375 • https://exchange.xforce.ibmcloud.com/vulnerabilities/189375 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4969
https://notcve.org/view.php?id=CVE-2020-4969
21 Jan 2021 — IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Security Identity Governance and Intelligence versión 5.2.6, podría permitir a un atacante remoto obtener información confidencial, provocada por la falla al habilitar correctamente HTTP Strict Transport... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192428 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4968
https://notcve.org/view.php?id=CVE-2020-4968
21 Jan 2021 — IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427. IBM Security Identity Governance and Intelligence versión 5.2.6, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 192427 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192427 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4966
https://notcve.org/view.php?id=CVE-2020-4966
21 Jan 2021 — IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423. IBM Security Identity Governance and Intelligence versión 5.2.6, no establece el atributo seguro e... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192423 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4958
https://notcve.org/view.php?id=CVE-2020-4958
21 Jan 2021 — IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209. IBM Security Identity Governance and Intelligence versión 5.2.6, no realiza ninguna autenticación para la funcionalidad que requiere una identidad de usuario demostrable o consume una cantidad significativa de recursos. IBM X-Force ID: 192209 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192209 • CWE-306: Missing Authentication for Critical Function •