CVE-2021-29864
https://notcve.org/view.php?id=CVE-2021-29864
IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/206089
• https://www.ibm.com/support/pages/node/6616101
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-4970
https://notcve.org/view.php?id=CVE-2020-4970
IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/192429
• https://www.ibm.com/support/pages/node/6587435
• CWE-319: Cleartext Transmission of Sensitive Information
CVE-2021-20574
https://notcve.org/view.php?id=CVE-2021-20574
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and take over other accounts. IBM X-Force ID: 199252.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/199252
• https://www.ibm.com/support/pages/node/6465875
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-20573
https://notcve.org/view.php?id=CVE-2021-20573
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199249.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/199249
• https://www.ibm.com/support/pages/node/6465875
• CWE-787: Out-of-bounds Write
CVE-2021-20572
https://notcve.org/view.php?id=CVE-2021-20572
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199247.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/199247
• https://www.ibm.com/support/pages/node/6465875
• CWE-787: Out-of-bounds Write