CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1968
https://notcve.org/view.php?id=CVE-2018-1968
11 Jul 2019 — IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153749. Security Identity Manager versión 7.0.1 de IBM, revela información confidencial a usuarios no autorizados. La información puede ser utilizada para montar nuevos ataques sobre el sistema. • http://www.ibm.com/support/docview.wss?uid=ibm10958077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0351
https://notcve.org/view.php?id=CVE-2016-0351
21 Feb 2018 — IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890. IBM Security Identity Manager Virtual Appliance, en versiones 7.0.x anteriores a 7.0.1.3-ISS-SIM-IF0001 no establece la marca secure para la cookie de sesión en una sesión HTTPS. Esto facilita que atacantes r... • http://www-01.ibm.com/support/docview.wss?uid=swg21989198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0367
https://notcve.org/view.php?id=CVE-2016-0367
21 Feb 2018 — IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072. IBM Security Identity Manager Virtual Appliance, en versiones 7.0.x anteriores a la 7.0.1.3-ISS-SIM-IF0001 permite que usuarios autenticados remotos obtengan información sensible mediante la lectura de un mensaje de error. IBM X-Force ID: 112072. • http://www-01.ibm.com/support/docview.wss?uid=swg21989198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.4EPSS: 0%CPEs: 9EXPL: 0CVE-2016-9703
https://notcve.org/view.php?id=CVE-2016-9703
01 Feb 2017 — IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. IBM Security Identity Manager Virtual Appliance no invalida los tokens de sesión que podrían permitir que un usuario no autorizado con acceso físico a la estación de trabajo obtenga información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21996761 • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2016-9704
https://notcve.org/view.php?id=CVE-2016-9704
01 Feb 2017 — IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Security Identity Manager Virtual Appliance es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalida... • http://www.ibm.com/support/docview.wss?uid=swg21996761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •