Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMACBA42A9F266755DB30CE35DBA1907FB61B1687AAD3415499AF5573BC67595AA
HistoryAug 31, 2021 - 9:19 p.m.

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance

2021-08-3121:19:46
www.ibm.com
53

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.074 Low

EPSS

Percentile

93.1%

JSON

Summary

IBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities

Vulnerability Details

CVEID:CVE-2021-29682
**DESCRIPTION:**IBM Security Identity Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199997 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-29683
**DESCRIPTION:**IBM Security Identity Manager stores user credentials in plain clear text which can be read by an authenticated user.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199998 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2020-11022
**DESCRIPTION:**jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181349 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2020-11023
**DESCRIPTION:**jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181350 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2017-10190
**DESCRIPTION:**An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow an authenticated attacker to take control of the system.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133700 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2017-10202
**DESCRIPTION:**An unspecified vulnerability in Oracle Database Server related to the OJVM component could allow an authenticated attacker to take control of the system.
CVSS Base score: 9.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/128941 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2017-10292
**DESCRIPTION:**An unspecified vulnerability in Oracle Database Server related to the RDBMS Security component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 2.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133726 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2017-10321
**DESCRIPTION:**An unspecified vulnerability in Oracle Database Server related to the Core RDBMS component could allow an authenticated attacker to take control of the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133750 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2019-2406
**DESCRIPTION:**An unspecified vulnerability in Oracle Database Server related to the Core RDBMS component could allow an authenticated attacker to take control of the system.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155725 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-2444
**DESCRIPTION:**An unspecified vulnerability in Oracle Database Server related to the Core RDBMS component could allow an authenticated attacker to take control of the system.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155761 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

CVEID:CVE-2019-2619
**DESCRIPTION:**An unspecified vulnerability in Oracle Database Server related to the Portable Clusterware component could allow an authenticated attacker to take control of the system.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159715 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2020-2978
**DESCRIPTION:**An unspecified vulnerability in Oracle Database - Enterprise Edition related to the DBA role account component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185213 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)

CVEID:CVE-2021-29692
**DESCRIPTION:**IBM Security Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-29688
**DESCRIPTION:**IBM Security Identity Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200102 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-29691
**DESCRIPTION:**IBM Security Identity Manager contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200252 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-29686
**DESCRIPTION:**IBM Security Identity Manager could allow an authenticated user to bypass security and perform actions that they should not have access to.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200015 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
ISIM VA 7.0.2
ISIM VA
7.0.1

Remediation/Fixes

Affected Product(s) Version(s) Fix Availability
IBM Security Identity Manager Virtual Appliance 7.0.2

7.0.2-ISS-SIM-FP0003

IBM Security Identity Manager Virtual Appliance| 7.0.1
| 7.0.1-ISS-SIM-FP0016

Workarounds and Mitigations

None

Related

openvas 21
ibm 36
nessus 39
suse 3
attackerkb 2
githubexploit 4
osv 9
checkpoint_advisories 1
atlassian 5
hp 1
fedora 6
joomla 1
oraclelinux 3
debian 2
drupal 1
prion 16
redhat 5
typo3 1
gentoo 1
cve 16
altlinux 1
github 4
freebsd 1
nodejs 1
veracode 1
packetstorm 3
redhatcve 2
zdt 2
amazon 1
almalinux 1
ics 1
ubuntucve 2
f5 1
debiancve 2
hackerone 1
alpinelinux 2
openvas
openvas
Oracle Database Server 'OJVM' Component Unspecified Vulnerability
2017-07-19 00:00:00
openSUSE: Security Advisory for otrs (openSUSE-SU-2020:1888-1)
2020-11-10 00:00:00
Debian: Security Advisory (DLA-2608-1)
2021-03-26 00:00:00
ibm
ibm
Security Bulletin: IBM Security Verify Information Queue uses an Oracle JDBC jar with multiple vulnerabilities (CVE-2019-2444, CVE-2019-2619, CVE-2017-10321, CVE-2017-10202)
2022-07-20 19:33:31
Security Bulletin: IBM Tivoli Netcool Impact is affected by jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023)
2020-06-29 15:31:22
Security Bulletin: Steps to update DataQuant Wrokstation ans DataQuant WebSphere plugins.
2020-10-07 21:15:08
nessus
nessus
Oracle Database Multiple Vulnerabilities (October 2017 CPU)
2017-10-19 00:00:00
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19)
2022-09-01 00:00:00
JQuery 1.2 < 3.5.0 Multiple XSS
2020-05-28 00:00:00
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-28 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-25 00:00:00
attackerkb
attackerkb
CVE-2020-11022
2020-04-29 00:00:00
CVE-2020-11023
2020-04-29 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
Exploit for Cross-site Scripting in Jquery
2020-11-02 20:55:10
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
osv
osv
jquery - security update
2021-03-25 00:00:00
drupal7 - security update
2020-05-26 00:00:00
Persistent Cross-site Scripting vulnerability in PrivateBin
2022-04-12 20:45:22
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
jquery 2.2.4 XSS vulnerability
2022-08-24 14:53:45
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33
2020-09-25 17:15:48
[SECURITY] Fedora 32 Update: cacti-1.2.13-1.fc32
2020-07-23 01:06:59
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
oraclelinux
oraclelinux
jquery-ui security update
2022-03-01 00:00:00
bootstrap security update
2021-08-09 00:00:00
ipa security and bug fix update
2021-03-19 00:00:00
debian
debian
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:21
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00
prion
prion
Information disclosure
2021-05-20 15:15:00
Information disclosure
2021-05-20 15:15:00
Information disclosure
2021-05-20 15:15:00
redhat
redhat
(RHSA-2020:4211) Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update
2020-10-08 06:44:00
(RHSA-2020:3807) Moderate: Red Hat Virtualization security, bug fix, and enhancement update
2020-09-23 15:54:23
(RHSA-2020:2217) Moderate: OpenShift Container Platform 3.11 security update
2020-05-28 11:08:25
typo3
typo3
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
2020-07-29 00:00:00
gentoo
gentoo
Cacti: Multiple vulnerabilities
2020-07-26 00:00:00
cve
cve
CVE-2021-29688
2021-05-20 15:15:00
CVE-2021-29682
2021-05-20 15:15:00
CVE-2021-29691
2021-05-20 15:15:00
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
github
github
Persistent Cross-site Scripting vulnerability in PrivateBin
2022-04-12 20:45:22
Potential XSS vulnerability in jQuery
2020-04-29 22:19:14
Potential XSS vulnerability in jQuery
2020-04-29 22:18:55
freebsd
freebsd
Cacti -- multiple vulnerabilities
2020-07-15 00:00:00
nodejs
nodejs
Cross-Site Scripting
2020-04-30 18:19:09
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-30 01:59:55
packetstorm
packetstorm
jQuery 1.2 Cross Site Scripting
2021-04-14 00:00:00
jQuery 1.0.3 Cross Site Scripting
2021-04-14 00:00:00
Oracle RMAN Missing Auditing
2023-05-05 00:00:00
redhatcve
redhatcve
CVE-2020-11022
2020-04-29 23:09:52
CVE-2020-11023
2021-06-20 07:11:02
zdt
zdt
jQuery 1.0.3 - Cross-Site Scripting Vulnerability
2021-04-14 00:00:00
jQuery 1.2 - Cross-Site Scripting Vulnerability
2021-04-14 00:00:00
amazon
amazon
Medium: ipa
2021-04-20 17:55:00
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
ics
ics
Sensormatic Electronics VideoEdge
2021-11-02 12:00:00
ubuntucve
ubuntucve
CVE-2020-11023
2020-04-29 00:00:00
CVE-2020-11022
2020-04-29 00:00:00
f5
f5
K02453220 : jQuery vulnerability CVE-2020-11022
2020-08-03 00:00:00
debiancve
debiancve
CVE-2020-11022
2020-04-29 22:15:00
CVE-2020-11023
2020-04-29 21:15:00
hackerone
hackerone
Reddit: CVE-2020-11022
2022-12-20 17:19:58
alpinelinux
alpinelinux
CVE-2020-11022
2020-04-29 22:15:00
CVE-2020-11023
2020-04-29 21:15:00

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.074 Low

EPSS

Percentile

93.1%

JSON
Related for ACBA42A9F266755DB30CE35DBA1907FB61B1687AAD3415499AF5573BC67595AA
openvas21ibm36nessus39suse3attackerkb2githubexploit4osv9checkpoint_advisories1atlassian5hp1fedora6joomla1oraclelinux3debian2drupal1prion16redhat5typo31gentoo1cve16altlinux1github4freebsd1nodejs1veracode1packetstorm3redhatcve2zdt2amazon1almalinux1ics1ubuntucve2f51debiancve2hackerone1alpinelinux2