CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29692
https://notcve.org/view.php?id=CVE-2021-29692
20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253. IBM Security Identity Manager versión 7.0.2, podría permitir a un atacante remoto obtener información confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security. U... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29691
https://notcve.org/view.php?id=CVE-2021-29691
20 May 2021 — IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252. IBM Security Identity Manager versión 7.0.2, contiene credenciales embebidas, como una contraseña o clave criptográfica, que usa para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IB... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200252 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-29688
https://notcve.org/view.php?id=CVE-2021-29688
20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102. IBM Security Identity Manager versión 7.0.2, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usada en nuevos ataques contra... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200102 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29686
https://notcve.org/view.php?id=CVE-2021-29686
20 May 2021 — IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015 IBM Security Identity Manager versión 7.0.2, podría permitir a un usuario autenticado omitir la seguridad y llevar a cabo acciones a las que no debería tener acceso. IBM X-Force ID: 200015 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200015 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29683
https://notcve.org/view.php?id=CVE-2021-29683
20 May 2021 — IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. IBM Security Identity Manager versión 7.0.2, almacena las credenciales de usuario en texto sin formato que puede ser leído por un usuario autenticado. IBM X-Force ID: 199998 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199998 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29682
https://notcve.org/view.php?id=CVE-2021-29682
20 May 2021 — IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997 IBM Security Identity Manager versión 7.0.2, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usada en nuevos ataques contra ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199997 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4706
https://notcve.org/view.php?id=CVE-2019-4706
01 Jul 2020 — IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. IBM Security Identity Manager Virtual Appliance versión 7.0.2, escribe información en los archivos de registro que pueden ser de naturaleza confidencial y brindan una valiosa orientación a un atacante o exponen información confidencial del usuario. IBM X-Force ID: 172016 • https://exchange.xforce.ibmcloud.com/vulnerabilities/172016 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4705
https://notcve.org/view.php?id=CVE-2019-4705
01 Jul 2020 — IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. IBM Security Identity Manager Virtual Appliance versión 7.0.2, revela información confidencial a usuarios no autorizados. La información puede ser usada para montar nuevos ataques sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172015 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4704
https://notcve.org/view.php?id=CVE-2019-4704
01 Jul 2020 — IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014. IBM Security Identity Manager Virtual Appliance versión 7.0.2, no establece el atributo seguro en to... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172014 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4676
https://notcve.org/view.php?id=CVE-2019-4676
01 Jul 2020 — IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. IBM Security Identity Manager Virtual Appliance, versión 7.0.2 almacena las credenciales de usuario en texto sin cifrar que puede ser leído por un usuario local. IBM X-Force ID: 171512 • https://exchange.xforce.ibmcloud.com/vulnerabilities/171512 • CWE-312: Cleartext Storage of Sensitive Information •