39 matches found
CVE-2020-4232
CVE-2020-4232 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance, version 5.2.6. The vulnerability allows an attacker to enumerate usernames to obtain valid login credentials, potentially enabling further attacks. Root cause details are not explicitly described beyo...
CVE-2020-4231
CVE-2020-4231 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance, version 5.2.6. The vulnerability stems from hazardous input validation, enabling an authenticated user to execute unauthorized commands. The issue is documented with CVSS details indicating network ac...
CVE-2020-4233
IBM Security Identity Governance and Intelligence version 5.2.6 is affected by CVE-2020-4233 due to the application not setting the Secure flag on session cookies when using SSL. This allows a remote attacker to capture cookies during HTTP sessions and obtain sensitive information. The issue is d...
CVE-2020-4244
CVE-2020-4244 affects IBM Security Identity Governance and Intelligence 5.2.6. The IBM bulletin states the Virtual Appliance could allow an unauthorized user to obtain sensitive information through user enumeration, leading to information disclosure (CVE-2020-4244). Affected product/version: IBM ...
CVE-2020-4248
CVE-2020-4248 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6. The vulnerability allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser, enabling information disclosure that could aid further attacks. The e...
CVE-2020-4246
CVE-2020-4246 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6. The flaw is an XML External Entity (XXE) vulnerability when processing XML data, allowing a remote attacker to expose sensitive information or consume memory resources. Affected product: IBM IGI 5.2.6; root cause...
CVE-2020-4249
CVE-2020-4249 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance 5.2.6. The issue is an authorization flaw that could disclose highly sensitive information to other authenticated users. Impact is explicit: confidentiality compromise (PARTIAL to HIGH) per CVSS metric...
CVE-2020-4245
CVE-2020-4245 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6, where a weak default password policy (no requirement for strong passwords) enables easier compromise of user accounts. This is tied to the IGI Virtual Appliance as described in IBM’s bulletin and X-Force referenc...
CVE-2018-1945
CVE-2018-1945 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance 5.2–5.2.4.1. The vulnerability lets a remote attacker hijack a victim’s click actions by luring them to a malicious website, potentially enabling further attacks. Remediation is available: upgrade IGI ...
CVE-2020-4957
CVE-2020-4957 affects IBM Security Identity Governance and Intelligence 5.2.6. The vulnerability stems from information disclosure in URL parameters within the Bulk Data Load module, potentially aiding future attacks. A fix is available: 5.2.6.0-ISS-SIGI-FP0004. See IBM Security bulletin for reme...
CVE-2018-1756
CVE-2018-1756 affects IBM Security Identity Governance and Intelligence (IGI) versions 5.2.3.2 and 5.2.4, where the survey endpoint can be exploited via an unauthenticated remote SQL injection to view data in the back-end database. Affects the IGI Virtual Appliance; vulnerable component is the AP...
CVE-2017-1483
CVE-2017-1483 affects IBM Security Identity Manager Adapters (v6.0 and v7.0). The root cause is that the adapters do not perform an authentication check for a critical resource or functionality, enabling anonymous users to access protected areas. Affected products include IBM Security Identity Ma...
CVE-2018-1947
CVE-2018-1947 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance versions 5.2–5.2.4.1. The Web UI is vulnerable to cross-site scripting, enabling an attacker to embed arbitrary JavaScript in the UI and potentially disclose credentials within a trusted session. Root ...
CVE-2018-1949
The CVE-2018-1949 entry affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance, specifically IGI versions 5.2 through 5.2.4.1. The vulnerability is an information disclosure issue where sensitive data may be exposed to unauthorized users, enabling further attacks on the...
CVE-2017-1396
The CVE-2017-1396 issue affects IBM Security Identity Governance Virtual Appliance (IGI) versions 5.2 through 5.2.3.2, where permissions on a security-critical resource could allow read/modify by unintended actors. Affected IGI releases include 5.2, 5.2.1, 5.2.2, 5.2.2.1, 5.2.3, 5.2.3.1, and 5.2....
CVE-2020-4968
CVE-2020-4968 affects IBM Security Identity Governance and Intelligence 5.2.6. The IBM Security bulletin and CVE records describe use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. The vulnerability is associated with encry...
CVE-2020-4969
IBM Security Identity Governance and Intelligence 5.2.6 is affected by CVE-2020-4969 due to failure to properly enable HTTP Strict Transport Security. This misconfiguration could allow a remote attacker to disclose sensitive information via man-in-the-middle techniques. The root cause is missing ...
CVE-2017-1368
CVE-2017-1368 affects IBM Security Identity Governance Virtual Appliance 5.2–5.2.3.2, where authorization tokens and session cookies are not marked Secure. This allows cookie values to be exposed when users click http:// links or visit sites that load the links, enabling cookie snooping. Root cau...
CVE-2018-1946
CVE-2018-1946 involves IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance versions 5.2 through 5.2.4.1. The issue is not a bug in code execution but a design/crypto negotiation flaw: multiple actors can negotiate which protection algorithms (e.g., encryption/authentication)...
CVE-2017-1409
Technical details about CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance information disclosure) are not present in the provided connected documents. Public information here confirms the issue but does not specify affected components, root cause, exploit details, or fixes. Monito...
CVE-2017-1411
CVE-2017-1411 affects IBM Security Identity Governance Virtual Appliance (IGI) versions 5.2 through 5.2.3.2. The vulnerability description indicates that, by default, users are not required to use strong passwords, enabling potential account compromise. The Connected documents confirm IGI family ...
CVE-2017-1367
Summary (CVE-2017-1367): IBM Security Identity Governance and Intelligence Virtual Appliance (IGI) versions 5.2 through 5.2.3.2 store sensitive information in URL parameters. This can lead to information disclosure if URLs are captured in server logs, the Referer header, or browser history. The I...
CVE-2017-1407
CVE-2017-1407 affects IBM Security Identity Manager Virtual Appliance versions 6.0 and 7.0. The vulnerability enables a remote authenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted request. The exploitation condition is an authenticated remote ...
CVE-2018-1948
CVE-2018-1948 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance 5.2.x. The vulnerability is that authorization tokens and session cookies are not marked Secure, allowing cookies to be sent over HTTP. An attacker could exploit this by enticing a user to click an HTT...
CVE-2020-4958
CVE-2020-4958 affects IBM Security Identity Governance and Intelligence (IGI) version 5.2.6. The vulnerability arises from RMI connectors that do not perform authentication for functions requiring a verifiable user identity or that consume significant resources, allowing an authentication bypass....
CVE-2017-1395
The CVE-2017-1395 entry affects IBM Security Identity Governance Virtual Appliance (IGI) 5.2 to 5.2.3.2. Root cause: HTTP Strict Transport Security was not properly enabled, enabling an information-disclosure scenario via MITM attacks. Impact: partial confidentiality loss through exposed sensitiv...
CVE-2020-4795
IBM Security Identity Governance and Intelligence 5.2.6 is affected by CVE-2020-4795, a information disclosure vulnerability exploitable via a specially crafted HTTP request. The issue allows an unauthorized user to obtain sensitive data, and IBM’s own bulletin ties it to the forgot password endp...
CVE-2018-1757
CVE-2018-1757 affects IBM Security Identity Governance and Intelligence (IGI) versions 5.2.3.2 and 5.2.4, where missing authentication in the IGI survey application could allow an attacker to obtain sensitive information. The IBM bulletin notes a vulnerability in the Feedback Survey feature and c...
CVE-2017-1366
CVE-2017-1366 affects IBM Security Identity Governance Virtual Appliance (IGI) 5.2 through 5.2.3.2, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is tied to IGI’s deployment and crypto handling, with IBM noting a rem...
CVE-2020-4791
IBM Security Identity Governance and Intelligence (IGI) 5.2.6 is affected by CVE-2020-4791 due to improper certificate validation, enabling potential information disclosure via man-in-the-middle attacks. The vulnerability affects IGI 5.2.6 and is described in multiple sources (NVD entry and CNVD/...
CVE-2017-1412
CVE-2017-1412 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance versions 5.2, 5.2.1, 5.2.2, 5.2.2.1, 5.2.3, 5.2.3.1, 5.2.3.2. Description in the IBM bulletin confirms that the vulnerability arises from an error message that exposes sensitive information about the e...
CVE-2018-1944
Summary: CVE-2018-1944 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance, specifically versions 5.2 through 5.2.4.1. The root cause is hard-coded credentials (passwords or cryptographic keys) used for inbound authentication, outbound communication to external compo...
CVE-2020-4966
CVE-2020-4966 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6, where authorization tokens and session cookies do not set the secure attribute. This may allow an attacker to obtain cookie values by users clicking a http:// link or visiting a page containing such a link, enabl...
CVE-2017-1755
The CVE-2017-1755 entry affects IBM Security Identity Governance Virtual Appliance versions 5.2 through 5.2.3.2. The connected IBM bulletin confirms a local vulnerability whereby an attacker could inject commands into malicious files that could be executed by an administrator, indicating a local ...
CVE-2020-4996
CVE-2020-4996 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6. A local attacker could obtain sensitive data by capturing screenshots of authentication credentials. IBM’s bulletin notes a security vulnerability in IGI and provides a remediation: upgrade to a fixed release (IG...
CVE-2018-1950
The CVE affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance versions 5.2–5.2.4.1. The disclosed vulnerability is an information disclosure: an error message reveals sensitive details about the environment, users, or related data, which could aid further attacks. Root...
CVE-2020-4995
IBM Security Identity Governance and Intelligence 5.2.6 is affected by a session-management flaw: it does not invalidate the user session after logout, potentially allowing one user to access sensitive information from another user’s session. The root cause described across sources is the failure...
CVE-2020-4243
CVE-2020-4243 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6 Virtual Appliance. The root cause is that session tokens may not be invalidated after logout in IBM Security Access Request, allowing a remote attacker to potentially obtain sensitive information via MITM techniqu...
CVE-2020-4790
CVE-2020-4790 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6. The vulnerability arises from improper validation of a supplied URL, allowing a user to cause a denial of service, rendering the application unusable. Publicly documented details across sources confirm the impact...