43 matches found
CVE-2021-29864
IBM Security Identity Manager (ISIM) versions 6.0.0 and 6.0.2 are affected by an open redirect vulnerability that an attacker could leverage via a crafted link to spoof the displayed URL and redirect users to a malicious site. Root cause described as improper handling of target hops leading to op...
CVE-2019-4561
CVE-2019-4561 affects IBM Security Identity Manager (ISIM) versions 6.0.0 and 6.0.2. The root cause is deserialization of untrusted data, enabling a remote attacker to execute arbitrary code when a user visits a crafted Web site. CVSS v3 base score is 8.0–8.8 (HIGH). IBM indicates ISIM 6.0.0.22-I...
CVE-2017-1483
CVE-2017-1483 affects IBM Security Identity Manager Adapters (v6.0 and v7.0). The root cause is that the adapters do not perform an authentication check for a critical resource or functionality, enabling anonymous users to access protected areas. Affected products include IBM Security Identity Ma...
CVE-2021-29691
CVE-2021-29691 concerns IBM Security Identity Manager (ISIM) and affects the IBM Security Identity Manager Virtual Appliance (ISIM VA) versions 7.0.2 and 7.0.1. The documented root cause is hard-coded credentials (passwords or cryptographic keys) used for inbound authentication, outbound communic...
CVE-2021-29682
IBM Security Identity Manager (ISIM) and ISIM Virtual Appliance (ISIM VA) 7.0.x are affected by CVE-2021-29682, where a remote attacker could obtain sensitive information via detailed technical error messages returned in the browser. The issue is an information disclosure vulnerability in ISIM 7....
CVE-2021-29687
IBM Security Identity Manager contains two CVEs (CVE-2021-29687 and CVE-2021-29688) related to information disclosure via login error handling. According to IBM Security Bulletin, the issue allows a remote attacker to enumerate usernames through differences in responses to valid vs. invalid login...
CVE-2014-6168
IBM Security Identity Manager 5.1 is vulnerable to Cross-Site Request Forgery (CSRF) due to improper validation of user-submitted input. In versions before 5.1.0.15 IF0056, a remote authenticated attacker could hijack user sessions for requests that insert XSS sequences. Impact described includes...
CVE-2017-1407
CVE-2017-1407 affects IBM Security Identity Manager Virtual Appliance versions 6.0 and 7.0. The vulnerability enables a remote authenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted request. The exploitation condition is an authenticated remote ...
CVE-2021-29683
IBM Security Identity Manager (ISIM) Virtual Appliance has a vulnerability where credentials are stored in plain text, allowing an authenticated user to read them. Affected: ISIM Virtual Appliance versions 7.0.2 and 7.0.1. Root cause: credential data stored in clear text. Impact: potential inform...
CVE-2021-29688
CVE-2021-29688 affects IBM Security Identity Manager (ISIM) 7.0.2. The vulnerability allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser, which could be used in further attacks. The IBM bulletin for ISIM (CVE-2021-29688) list...
CVE-2014-6110
CVE-2014-6110: IBM Security Identity Manager 6.x before 6.0.0.3 IF14 improperly logs out prior users, enabling a local attacker to bypass security and access another user’s SIM session. Affected product: IBM Security Identity Manager 6.x (component: SIM). Root cause: logout handling flaw. Impact:...
CVE-2017-1362
IBM Security Identity Manager Adapters 6.0 and 7.0 store user credentials in plaintext, readable by local users. The IBM bulletin confirms unsecured data traffic when SSL is not explicitly enabled; enabling SSL by default and importing valid certificates is recommended. Affected: ISIM v6.0 Adapte...
CVE-2018-1969
Product affected: IBM Security Identity Manager (ISIM) 6.0.0 (v6.0.0–6.0.0.20). Vulnerability: ISIM allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. Impact (as stated): Potential exposure or impact from process...
CVE-2017-1405
CVE-2017-1405 affects IBM Security Identity Manager Virtual Appliance 7.0 (and 7.0.1) due to inadequate verification of origin/integrity when processing patches, image backups and other updates. This could allow tampered updates to be accepted, compromising integrity of the appliance. IBM’s bulle...
CVE-2018-1956
IBM Security Identity Manager 6.0.0 is affected by CVE-2018-1956 due to not requiring strong passwords by default, enabling potential account compromise. The bulletin covers ISIM versions 6.0.0–6.0.0.20 and lists remediation via patch 6.0.0-ISS-SIM-FP0021. No exploitation details are provided bey...
CVE-2019-4038
CVE-2019-4038 affects IBM Security Identity Manager (ISIM). Affects ISIM 6.0.0–6.0.0.20 and 7.0.0–7.0.1.10. Root cause enables attacker to create unexpected control flow paths, potentially bypassing security checks and enabling a limited form of code injection. IBM provides fixes: 6.0.0-ISS-SIM-F...
CVE-2021-29692
CVE-2021-29692 affects IBM Security Identity Manager (ISIM). The IBM Security Identity Manager Vulnerability Details document shows that remote attackers could obtain sensitive information due to HTTP Strict Transport Security not being properly enabled. Affected products/versions include ISIM VA...
CVE-2014-0961
CVE-2014-0961 affects IBM Tivoli Identity Manager (ITIM) 5.0 (before 5.0.0.15), ITIM 5.1 (before 5.1.0.15), and IBM Security Identity Manager (ISIM) 6.0 (before 6.0.0.2). The root issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables remote authenticated users to hijack the auth...
CVE-2016-0335
IBM Security Identity Manager Virtual Appliance versions 7.0.0.0–7.0.1.0 are affected by CSRF (CVE-2016-0335). The issue allows remote attackers to hijack user authentication for unspecified-impact requests via unknown vectors. Remediation: upgrade to IBM Security Identity Manager (ISIM) Virtual ...
CVE-2020-4970
CVE-2020-4970 affects IBM Security Identity Governance and Intelligence versions 5.2.4–5.2.6 and arises from failing to properly enable HTTP Strict Transport Security. An attacker could obtain sensitive information via man-in-the-middle. The IBM advisory lists a fix: upgrade to 5.2.6.0-ISS-SIGI-F...
CVE-2021-29686
CVE-2021-29686 affects IBM Security Identity Manager Virtual Appliance (ISIM VA) 7.0.2 (and 7.0.1). The issue allows an authenticated user to bypass security and perform actions they should not have access to. IBM’s remediation indicates fixes are available in 7.0.2 with FP0003 and 7.0.1 with FP0...
CVE-2014-6098
IBM Security Identity Manager 6.x prior to 6.0.0.3 IF14 is affected by CVE-2014-6098, where a crafted request to the web server can cause disclosure of cleartext passwords. Affected product and version: SIM 6.x before 6.0.0.3 IF14. Impact described: partial confidentiality loss via remote access ...
CVE-2014-6105
IBM Security Identity Manager (SIM) 6.x prior to 6.0.0.3 IF14 is affected by a clickjacking vulnerability. A remote attacker could hijack the victim’s clicking actions by persuading them to visit a malicious page; no authentication is required. Impact is limited to the client-side click actions, ...
CVE-2016-0336
IBM Security Identity Manager Virtual Appliance (ISIM VA) versions 7.0.0.0–7.0.1.0 are affected by CVE-2016-0336, a cross-site scripting (XSS) vulnerability. The issue arises from improper validation of user-supplied input, enabling remote authenticated users to inject arbitrary web script or HTM...
CVE-2018-1453
CVE-2018-1453 affects IBM Security Identity Manager Virtual Appliance (ISIM VA) 7.0 (and up to 7.0.1.6 per IBM bulletin) where an authenticated attacker can upload or transfer files of dangerous types that can be automatically processed in the environment. Root cause is improper handling of file ...
CVE-2014-6096
IBM Security Identity Manager 6.x is vulnerable to cross-site scripting (XSS) via crafted URLs, due to improper input validation. Affected: SIM 6.0 family up to 6.0.0.3 (IF14). Impact per publicly cited sources indicates potential for script execution in a victim’s browser within the site’s conte...
CVE-2014-6106
CVE-2014-6106 affects IBM Security Identity Manager 5.1, 6.0, and 7.0. The exposure is a CSRF flaw that, via improper validation of requests, could allow a remote attacker to hijack an authenticated user’s session and trigger cross-site scripting, web cache poisoning, or other impacts described i...
CVE-2019-4451
IBM Security Identity Manager (ISIM) 6.0.0 is affected by CVE-2019-4451, a cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure within a trusted session. The IBM Security bulletin confirms the vulnerability and lists the affected product/version. Remediation ...
CVE-2014-6108
CVE-2014-6108 affects IBM Security Identity Manager and IBM Tivoli Identity Manager. The issue is an unencrypted interface connection that can allow a man‑in‑the‑middle attacker to obtain sensitive information. Affected versions include Tivoli Identity Manager 5.1.x (before 5.1.0.15-ISS-TIM-IF005...
CVE-2016-9739
CVE-2016-9739 concerns IBM Security Identity Manager Virtual Appliance where a local user can read stored credentials because they are kept in plaintext. The available connected IBM security bulletin details the affected product family (IGI/IGI-Virtual Appliance) and confirms the underlying issue...
CVE-2014-6107
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 is vulnerable to leaking sensitive cookies over HTTP due to credential/cookie exposure when sniffed on the network. The issue affects SIM components and can expose partial confidentiality. Mitigation: upgrade to IBM SIM 6.0.0.3 with the accomp...
CVE-2014-6109
The CVE-2014-6109 entry affects IBM Security Identity Manager and IBM Tivoli Identity Manager. The vulnerability allows remote authenticated users to bypass intended access restrictions and obtain sensitive information via server-side LDAP query handling issues in IBM Tivoli Identity Manager 5.1....
CVE-2014-6112
IBM Security Identity Manager and IBM Tivoli Identity Manager are affected by CVE-2014-6112 due to use of weak SSL ciphers, enabling potential information disclosure over network connections. The IBM Security Identity Manager family (versions 6.0.x prior to 6.0.0.4-ISS-SIM-IF0001 and 7.0.x prior ...
CVE-2019-4675
CVE-2019-4675 affects IBM Security Identity Manager 7.0.1, where the component contains hard-coded credentials used for its own inbound authentication, outbound communication to external components, or encryption of internal data. The root cause is the presence of embedded credentials in ISIM ver...
CVE-2018-1959
IBM Security Identity Manager Virtual Appliance 7.0.1 is affected by CVE-2018-1959 due to hard-coded credentials used for inbound authentication/outbound communication or data encryption. Affected versions: 7.0.1 – 7.0.1.10. Impact per IBM: Confidentiality impact high; other impacts not reported....
CVE-2018-1962
CVE-2018-1962 affects IBM Security Identity Manager Virtual Appliance versions 7.0.1–7.0.1.10. Root cause: failure to invalidate session tokens on logout, enabling local attackers to log into a closed browser session. Reported impact is limited to local access scenarios with session termination b...
CVE-2018-1967
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting via the Web UI, allowing arbitrary JavaScript execution and potential credential disclosure within a trusted session. Affected versions range 6.0.0 to 6.0.0.20. Remediation: apply fix 6.0.0-ISS-SIM-FP0021.
CVE-2021-20483
IBM Security Identity Manager 6.0.2 is affected by CVE-2021-20483, a server-side request forgery (SSRF) vulnerability. The issue arises in the IBM Security Identity Manager Password Synchronization plug-in for Windows AD, enabling an authenticated remote attacker to obtain sensitive data. IBM’s a...
CVE-2019-4674
CVE-2019-4674 affects IBM Security Identity Manager 7.0.1, where a remote attacker could traverse directories by sending a URL with dot-dot (../) sequences to view arbitrary files. The vulnerability is a directory traversal in ISIM, enabling partial confidentiality impact. IBM’s related advisory ...
CVE-2021-20488
CVE-2021-20488 affects IBM Security Identity Manager 6.0.2 with the Windows Password Synchronization Plug‑in. A remote authenticated attacker could change passwords for other users in a Windows AD environment, due to improper handling in the ISIM Password Sync Plug‑in flow. The issue is confirmed...
CVE-2014-6095
CVE-2014-6095 affects IBM Security Identity Manager 6.x prior to 6.0.0.3 IF14. It is a directory traversal vulnerability that could allow a remote attacker to read arbitrary files via unspecified vectors. The NVD lists a base score of 5.0 (Medium) with network access, low attack complexity, and p...
CVE-2018-2019
IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to XML External Entity (XXE) processing when handling XML data. The root cause is improper XML parsing, allowing a remote attacker to access sensitive information or exhaust memory resources. Affected product: IBM Security Identi...
CVE-2014-6111
CVE-2014-6111 affects IBM Security Identity Manager and Tivoli Identity Manager. The root cause is storing encrypted user credentials and the keystore password in cleartext in configuration files, enabling a local attacker to decrypt SIM credentials via unspecified vectors. Affected versions incl...