CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29692
https://notcve.org/view.php?id=CVE-2021-29692
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253. IBM Security Identity Manager versión 7.0.2, podría permitir a un atacante remoto obtener información confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información confidencial usando técnicas de tipo man in the middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 https://www.ibm.com/support/pages/node/6454587 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29691
https://notcve.org/view.php?id=CVE-2021-29691
IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252. IBM Security Identity Manager versión 7.0.2, contiene credenciales embebidas, como una contraseña o clave criptográfica, que usa para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IBM X-Force ID: 200252 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200252 https://www.ibm.com/support/pages/node/6454587 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-29688
https://notcve.org/view.php?id=CVE-2021-29688
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102. IBM Security Identity Manager versión 7.0.2, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200102 https://www.ibm.com/support/pages/node/6454587 https://www.ibm.com/support/pages/node/6454605 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29686
https://notcve.org/view.php?id=CVE-2021-29686
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015 IBM Security Identity Manager versión 7.0.2, podría permitir a un usuario autenticado omitir la seguridad y llevar a cabo acciones a las que no debería tener acceso. IBM X-Force ID: 200015 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200015 https://www.ibm.com/support/pages/node/6454587 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29683
https://notcve.org/view.php?id=CVE-2021-29683
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. IBM Security Identity Manager versión 7.0.2, almacena las credenciales de usuario en texto sin formato que puede ser leído por un usuario autenticado. IBM X-Force ID: 199998 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199998 https://www.ibm.com/support/pages/node/6454587 • CWE-312: Cleartext Storage of Sensitive Information •