Lucene search
K
IbmSecurity Identity Governance And Intelligence

39 matches found

CVE
CVE
added 2020/05/28 2:45 p.m.132 views

CVE-2020-4232

CVE-2020-4232 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance, version 5.2.6. The vulnerability allows an attacker to enumerate usernames to obtain valid login credentials, potentially enabling further attacks. Root cause details are not explicitly described beyo...

7.5CVSS7.2AI score0.01125EPSS
CVE
CVE
added 2020/05/28 2:45 p.m.98 views

CVE-2020-4231

CVE-2020-4231 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance, version 5.2.6. The vulnerability stems from hazardous input validation, enabling an authenticated user to execute unauthorized commands. The issue is documented with CVSS details indicating network ac...

6.5CVSS6.2AI score0.00814EPSS
CVE
CVE
added 2020/05/28 2:45 p.m.97 views

CVE-2020-4233

IBM Security Identity Governance and Intelligence version 5.2.6 is affected by CVE-2020-4233 due to the application not setting the Secure flag on session cookies when using SSL. This allows a remote attacker to capture cookies during HTTP sessions and obtain sensitive information. The issue is d...

5.3CVSS5AI score0.00766EPSS
CVE
CVE
added 2020/05/28 2:45 p.m.94 views

CVE-2020-4244

CVE-2020-4244 affects IBM Security Identity Governance and Intelligence 5.2.6. The IBM bulletin states the Virtual Appliance could allow an unauthorized user to obtain sensitive information through user enumeration, leading to information disclosure (CVE-2020-4244). Affected product/version: IBM ...

5.3CVSS4.9AI score0.01067EPSS
CVE
CVE
added 2020/05/28 3:25 p.m.94 views

CVE-2020-4248

CVE-2020-4248 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6. The vulnerability allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser, enabling information disclosure that could aid further attacks. The e...

4CVSS3.3AI score0.00978EPSS
CVE
CVE
added 2020/05/28 2:45 p.m.92 views

CVE-2020-4246

CVE-2020-4246 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6. The flaw is an XML External Entity (XXE) vulnerability when processing XML data, allowing a remote attacker to expose sensitive information or consume memory resources. Affected product: IBM IGI 5.2.6; root cause...

7.1CVSS6.8AI score0.01398EPSS
CVE
CVE
added 2020/05/28 2:45 p.m.86 views

CVE-2020-4249

CVE-2020-4249 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance 5.2.6. The issue is an authorization flaw that could disclose highly sensitive information to other authenticated users. Impact is explicit: confidentiality compromise (PARTIAL to HIGH) per CVSS metric...

6.5CVSS6AI score0.00914EPSS
CVE
CVE
added 2020/05/28 2:45 p.m.81 views

CVE-2020-4245

CVE-2020-4245 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6, where a weak default password policy (no requirement for strong passwords) enables easier compromise of user accounts. This is tied to the IGI Virtual Appliance as described in IBM’s bulletin and X-Force referenc...

7.5CVSS7.3AI score0.01207EPSS
CVE
CVE
added 2019/02/21 5:0 p.m.76 views

CVE-2018-1945

CVE-2018-1945 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance 5.2–5.2.4.1. The vulnerability lets a remote attacker hijack a victim’s click actions by luring them to a malicious website, potentially enabling further attacks. Remediation is available: upgrade IGI ...

6.1CVSS6.4AI score0.01213EPSS
CVE
CVE
added 2022/05/17 4:0 p.m.73 views

CVE-2020-4957

CVE-2020-4957 affects IBM Security Identity Governance and Intelligence 5.2.6. The vulnerability stems from information disclosure in URL parameters within the Bulk Data Load module, potentially aiding future attacks. A fix is available: 5.2.6.0-ISS-SIGI-FP0004. See IBM Security bulletin for reme...

5.3CVSS4.9AI score0.00834EPSS
CVE
CVE
added 2018/09/07 4:0 p.m.72 views

CVE-2018-1756

CVE-2018-1756 affects IBM Security Identity Governance and Intelligence (IGI) versions 5.2.3.2 and 5.2.4, where the survey endpoint can be exploited via an unauthenticated remote SQL injection to view data in the back-end database. Affects the IGI Virtual Appliance; vulnerable component is the AP...

7.5CVSS7.5AI score0.10599EPSS
Web
CVE
CVE
added 2017/09/27 5:0 p.m.68 views

CVE-2017-1483

CVE-2017-1483 affects IBM Security Identity Manager Adapters (v6.0 and v7.0). The root cause is that the adapters do not perform an authentication check for a critical resource or functionality, enabling anonymous users to access protected areas. Affected products include IBM Security Identity Ma...

8.6CVSS8.3AI score0.01485EPSS
CVE
CVE
added 2019/02/21 5:0 p.m.66 views

CVE-2018-1947

CVE-2018-1947 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance versions 5.2–5.2.4.1. The Web UI is vulnerable to cross-site scripting, enabling an attacker to embed arbitrary JavaScript in the UI and potentially disclose credentials within a trusted session. Root ...

6.1CVSS5.8AI score0.00894EPSS
CVE
CVE
added 2019/02/21 5:0 p.m.61 views

CVE-2018-1949

The CVE-2018-1949 entry affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance, specifically IGI versions 5.2 through 5.2.4.1. The vulnerability is an information disclosure issue where sensitive data may be exposed to unauthorized users, enabling further attacks on the...

4.3CVSS4.8AI score0.00976EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.59 views

CVE-2017-1396

The CVE-2017-1396 issue affects IBM Security Identity Governance Virtual Appliance (IGI) versions 5.2 through 5.2.3.2, where permissions on a security-critical resource could allow read/modify by unintended actors. Affected IGI releases include 5.2, 5.2.1, 5.2.2, 5.2.2.1, 5.2.3, 5.2.3.1, and 5.2....

8.1CVSS7.6AI score0.00808EPSS
CVE
CVE
added 2021/01/21 2:0 p.m.58 views

CVE-2020-4968

CVE-2020-4968 affects IBM Security Identity Governance and Intelligence 5.2.6. The IBM Security bulletin and CVE records describe use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. The vulnerability is associated with encry...

6.5CVSS6.2AI score0.00322EPSS
CVE
CVE
added 2021/01/21 2:0 p.m.58 views

CVE-2020-4969

IBM Security Identity Governance and Intelligence 5.2.6 is affected by CVE-2020-4969 due to failure to properly enable HTTP Strict Transport Security. This misconfiguration could allow a remote attacker to disclose sensitive information via man-in-the-middle techniques. The root cause is missing ...

5.9CVSS5.4AI score0.00666EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.55 views

CVE-2017-1368

CVE-2017-1368 affects IBM Security Identity Governance Virtual Appliance 5.2–5.2.3.2, where authorization tokens and session cookies are not marked Secure. This allows cookie values to be exposed when users click http:// links or visit sites that load the links, enabling cookie snooping. Root cau...

6.5CVSS6.2AI score0.01278EPSS
CVE
CVE
added 2019/02/21 5:0 p.m.55 views

CVE-2018-1946

CVE-2018-1946 involves IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance versions 5.2 through 5.2.4.1. The issue is not a bug in code execution but a design/crypto negotiation flaw: multiple actors can negotiate which protection algorithms (e.g., encryption/authentication)...

7.5CVSS7.3AI score0.0073EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.54 views

CVE-2017-1409

Technical details about CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance information disclosure) are not present in the provided connected documents. Public information here confirms the issue but does not specify affected components, root cause, exploit details, or fixes. Monito...

5.3CVSS5.4AI score0.01312EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.54 views

CVE-2017-1411

CVE-2017-1411 affects IBM Security Identity Governance Virtual Appliance (IGI) versions 5.2 through 5.2.3.2. The vulnerability description indicates that, by default, users are not required to use strong passwords, enabling potential account compromise. The Connected documents confirm IGI family ...

7.5CVSS7.4AI score0.01484EPSS
CVE
CVE
added 2018/07/13 4:0 p.m.53 views

CVE-2017-1367

Summary (CVE-2017-1367): IBM Security Identity Governance and Intelligence Virtual Appliance (IGI) versions 5.2 through 5.2.3.2 store sensitive information in URL parameters. This can lead to information disclosure if URLs are captured in server logs, the Referer header, or browser history. The I...

5.3CVSS5.4AI score0.01207EPSS
CVE
CVE
added 2017/09/27 5:0 p.m.53 views

CVE-2017-1407

CVE-2017-1407 affects IBM Security Identity Manager Virtual Appliance versions 6.0 and 7.0. The vulnerability enables a remote authenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted request. The exploitation condition is an authenticated remote ...

9CVSS8.2AI score0.03418EPSS
CVE
CVE
added 2019/02/21 5:0 p.m.53 views

CVE-2018-1948

CVE-2018-1948 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance 5.2.x. The vulnerability is that authorization tokens and session cookies are not marked Secure, allowing cookies to be sent over HTTP. An attacker could exploit this by enticing a user to click an HTT...

4.3CVSS4.7AI score0.01139EPSS
CVE
CVE
added 2021/01/21 2:0 p.m.53 views

CVE-2020-4958

CVE-2020-4958 affects IBM Security Identity Governance and Intelligence (IGI) version 5.2.6. The vulnerability arises from RMI connectors that do not perform authentication for functions requiring a verifiable user identity or that consume significant resources, allowing an authentication bypass....

9.8CVSS9.1AI score0.01696EPSS
CVE
CVE
added 2018/07/13 4:0 p.m.52 views

CVE-2017-1395

The CVE-2017-1395 entry affects IBM Security Identity Governance Virtual Appliance (IGI) 5.2 to 5.2.3.2. Root cause: HTTP Strict Transport Security was not properly enabled, enabling an information-disclosure scenario via MITM attacks. Impact: partial confidentiality loss through exposed sensitiv...

5.9CVSS5.9AI score0.01736EPSS
CVE
CVE
added 2021/02/09 2:50 p.m.52 views

CVE-2020-4795

IBM Security Identity Governance and Intelligence 5.2.6 is affected by CVE-2020-4795, a information disclosure vulnerability exploitable via a specially crafted HTTP request. The issue allows an unauthorized user to obtain sensitive data, and IBM’s own bulletin ties it to the forgot password endp...

8.2CVSS7.6AI score0.01743EPSS
CVE
CVE
added 2018/09/07 4:0 p.m.51 views

CVE-2018-1757

CVE-2018-1757 affects IBM Security Identity Governance and Intelligence (IGI) versions 5.2.3.2 and 5.2.4, where missing authentication in the IGI survey application could allow an attacker to obtain sensitive information. The IBM bulletin notes a vulnerability in the Feedback Survey feature and c...

5.3CVSS5.7AI score0.0171EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.50 views

CVE-2017-1366

CVE-2017-1366 affects IBM Security Identity Governance Virtual Appliance (IGI) 5.2 through 5.2.3.2, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is tied to IGI’s deployment and crypto handling, with IBM noting a rem...

7.5CVSS7.3AI score0.00975EPSS
CVE
CVE
added 2021/02/09 2:50 p.m.50 views

CVE-2020-4791

IBM Security Identity Governance and Intelligence (IGI) 5.2.6 is affected by CVE-2020-4791 due to improper certificate validation, enabling potential information disclosure via man-in-the-middle attacks. The vulnerability affects IGI 5.2.6 and is described in multiple sources (NVD entry and CNVD/...

6.9CVSS4.8AI score0.00303EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.49 views

CVE-2017-1412

CVE-2017-1412 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance versions 5.2, 5.2.1, 5.2.2, 5.2.2.1, 5.2.3, 5.2.3.1, 5.2.3.2. Description in the IBM bulletin confirms that the vulnerability arises from an error message that exposes sensitive information about the e...

4.3CVSS4.9AI score0.00984EPSS
CVE
CVE
added 2019/02/21 5:0 p.m.49 views

CVE-2018-1944

Summary: CVE-2018-1944 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance, specifically versions 5.2 through 5.2.4.1. The root cause is hard-coded credentials (passwords or cryptographic keys) used for inbound authentication, outbound communication to external compo...

9.8CVSS8.8AI score0.00844EPSS
CVE
CVE
added 2021/01/21 2:0 p.m.49 views

CVE-2020-4966

CVE-2020-4966 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6, where authorization tokens and session cookies do not set the secure attribute. This may allow an attacker to obtain cookie values by users clicking a http:// link or visiting a page containing such a link, enabl...

4.3CVSS4.1AI score0.01428EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.48 views

CVE-2017-1755

The CVE-2017-1755 entry affects IBM Security Identity Governance Virtual Appliance versions 5.2 through 5.2.3.2. The connected IBM bulletin confirms a local vulnerability whereby an attacker could inject commands into malicious files that could be executed by an administrator, indicating a local ...

6.7CVSS6.5AI score0.0036EPSS
CVE
CVE
added 2021/02/09 2:50 p.m.43 views

CVE-2020-4996

CVE-2020-4996 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6. A local attacker could obtain sensitive data by capturing screenshots of authentication credentials. IBM’s bulletin notes a security vulnerability in IGI and provides a remediation: upgrade to a fixed release (IG...

6.5CVSS5.1AI score0.00368EPSS
CVE
CVE
added 2019/02/21 5:0 p.m.42 views

CVE-2018-1950

The CVE affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance versions 5.2–5.2.4.1. The disclosed vulnerability is an information disclosure: an error message reveals sensitive details about the environment, users, or related data, which could aid further attacks. Root...

4.3CVSS4.9AI score0.00976EPSS
CVE
CVE
added 2021/02/09 2:50 p.m.42 views

CVE-2020-4995

IBM Security Identity Governance and Intelligence 5.2.6 is affected by a session-management flaw: it does not invalidate the user session after logout, potentially allowing one user to access sensitive information from another user’s session. The root cause described across sources is the failure...

5.3CVSS4.8AI score0.0115EPSS
CVE
CVE
added 2020/08/05 1:15 p.m.40 views

CVE-2020-4243

CVE-2020-4243 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6 Virtual Appliance. The root cause is that session tokens may not be invalidated after logout in IBM Security Access Request, allowing a remote attacker to potentially obtain sensitive information via MITM techniqu...

4.3CVSS3.7AI score0.00914EPSS
CVE
CVE
added 2021/02/09 2:50 p.m.35 views

CVE-2020-4790

CVE-2020-4790 affects IBM Security Identity Governance and Intelligence (IGI) 5.2.6. The vulnerability arises from improper validation of a supplied URL, allowing a user to cause a denial of service, rendering the application unusable. Publicly documented details across sources confirm the impact...

6.5CVSS6.2AI score0.00603EPSS