CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29864
https://notcve.org/view.php?id=CVE-2021-29864
30 Aug 2022 — IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089 IBM Security Identity M... • https://exchange.xforce.ibmcloud.com/vulnerabilities/206089 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4970
https://notcve.org/view.php?id=CVE-2020-4970
19 May 2022 — IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429. IBM Security Identity Governance and Intelligence versiones 5.2.4, 5.2.5 y 5.2.6, podría permitir a un atacante remoto obtener información confidencial, causado por ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192429 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20574
https://notcve.org/view.php?id=CVE-2021-20574
28 Jun 2021 — IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252. IBM Security Identity Manager Adapters versiones 6.0 y 7.0, podrían permitir a un atacante remoto autenticado conducir una inyección LDAP. Al usar una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad y tomar el contro d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199252 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20573
https://notcve.org/view.php?id=CVE-2021-20573
28 Jun 2021 — IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199249. IBM Security Identity Manager Adapters versiones 6.0 y 7.0, son vulnerables a un desbordamiento de búfer en la región heap de la memoria, causado por una comprobación inapropiada de límites. Un atacante autenticado remoto podría desbordar el búfer y causar el bloqueo del... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199249 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20572
https://notcve.org/view.php?id=CVE-2021-20572
28 Jun 2021 — IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247. IBM Security Identity Manager Adapters versiones 6.0 y 7.0, son vulnerables a un desbordamiento de búfer en la región stack de la memoria, causado por una comprobación inapropiada de límites. Un atacante autenticado remoto podría desbordar el búfer y causar el bloqueo d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199247 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20494
https://notcve.org/view.php?id=CVE-2021-20494
28 Jun 2021 — IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, caused by improper bounds. An authenticared user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882. IBM Security Identity Manager Adapters versiones 6.0 y 7.0, son vulnerables a un desbordamiento de búfer en la región heap de la memoria, causado por una comprobación inapropiada de límites. Un usuario autenticado podría desbordar el búfer y causar el bloqueo del servicio. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197882 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20488
https://notcve.org/view.php?id=CVE-2021-20488
16 Jun 2021 — IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. IBM Security Identity Manager 6.0.2 podría permitir a un usuario malintencionado autentificado cambiar las contraseñas de otros usuarios en el entorno de Windows AD cuando se despliega y configura el complemento de sincronización de contraseñas ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197789 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20483
https://notcve.org/view.php?id=CVE-2021-20483
16 Jun 2021 — IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. IBM Security Identity Manager versión 6.0.2, es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante remoto autenticado podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197591 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29692
https://notcve.org/view.php?id=CVE-2021-29692
20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253. IBM Security Identity Manager versión 7.0.2, podría permitir a un atacante remoto obtener información confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security. U... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29691
https://notcve.org/view.php?id=CVE-2021-29691
20 May 2021 — IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252. IBM Security Identity Manager versión 7.0.2, contiene credenciales embebidas, como una contraseña o clave criptográfica, que usa para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IB... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200252 • CWE-798: Use of Hard-coded Credentials •