Lucene search
K
IbmSecurity Identity Manager

43 matches found

CVE
CVE
added 2022/08/30 6:40 p.m.78 views

CVE-2021-29864

IBM Security Identity Manager (ISIM) versions 6.0.0 and 6.0.2 are affected by an open redirect vulnerability that an attacker could leverage via a crafted link to spoof the displayed URL and redirect users to a malicious site. Root cause described as improper handling of target hops leading to op...

6.8CVSS5.9AI score0.00406EPSS
CVE
CVE
added 2019/11/20 4:16 p.m.72 views

CVE-2019-4561

CVE-2019-4561 affects IBM Security Identity Manager (ISIM) versions 6.0.0 and 6.0.2. The root cause is deserialization of untrusted data, enabling a remote attacker to execute arbitrary code when a user visits a crafted Web site. CVSS v3 base score is 8.0–8.8 (HIGH). IBM indicates ISIM 6.0.0.22-I...

9.3CVSS8.7AI score0.0355EPSS
CVE
CVE
added 2017/09/27 5:0 p.m.68 views

CVE-2017-1483

CVE-2017-1483 affects IBM Security Identity Manager Adapters (v6.0 and v7.0). The root cause is that the adapters do not perform an authentication check for a critical resource or functionality, enabling anonymous users to access protected areas. Affected products include IBM Security Identity Ma...

8.6CVSS8.3AI score0.01485EPSS
CVE
CVE
added 2021/05/20 3:10 p.m.65 views

CVE-2021-29691

CVE-2021-29691 concerns IBM Security Identity Manager (ISIM) and affects the IBM Security Identity Manager Virtual Appliance (ISIM VA) versions 7.0.2 and 7.0.1. The documented root cause is hard-coded credentials (passwords or cryptographic keys) used for inbound authentication, outbound communic...

7.5CVSS7.8AI score0.00886EPSS
CVE
CVE
added 2021/05/20 3:10 p.m.60 views

CVE-2021-29682

IBM Security Identity Manager (ISIM) and ISIM Virtual Appliance (ISIM VA) 7.0.x are affected by CVE-2021-29682, where a remote attacker could obtain sensitive information via detailed technical error messages returned in the browser. The issue is an information disclosure vulnerability in ISIM 7....

5.3CVSS5.7AI score0.01275EPSS
CVE
CVE
added 2021/05/20 3:10 p.m.57 views

CVE-2021-29687

IBM Security Identity Manager contains two CVEs (CVE-2021-29687 and CVE-2021-29688) related to information disclosure via login error handling. According to IBM Security Bulletin, the issue allows a remote attacker to enumerate usernames through differences in responses to valid vs. invalid login...

5.3CVSS5.7AI score0.01259EPSS
CVE
CVE
added 2014/12/29 2:0 a.m.53 views

CVE-2014-6168

IBM Security Identity Manager 5.1 is vulnerable to Cross-Site Request Forgery (CSRF) due to improper validation of user-submitted input. In versions before 5.1.0.15 IF0056, a remote authenticated attacker could hijack user sessions for requests that insert XSS sequences. Impact described includes...

6CVSS6.2AI score0.00467EPSS
CVE
CVE
added 2017/09/27 5:0 p.m.53 views

CVE-2017-1407

CVE-2017-1407 affects IBM Security Identity Manager Virtual Appliance versions 6.0 and 7.0. The vulnerability enables a remote authenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted request. The exploitation condition is an authenticated remote ...

9CVSS8.2AI score0.03418EPSS
CVE
CVE
added 2021/05/20 3:10 p.m.53 views

CVE-2021-29683

IBM Security Identity Manager (ISIM) Virtual Appliance has a vulnerability where credentials are stored in plain text, allowing an authenticated user to read them. Affected: ISIM Virtual Appliance versions 7.0.2 and 7.0.1. Root cause: credential data stored in clear text. Impact: potential inform...

6.5CVSS6.6AI score0.00524EPSS
CVE
CVE
added 2021/05/20 3:10 p.m.52 views

CVE-2021-29688

CVE-2021-29688 affects IBM Security Identity Manager (ISIM) 7.0.2. The vulnerability allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser, which could be used in further attacks. The IBM bulletin for ISIM (CVE-2021-29688) list...

7.5CVSS7AI score0.02042EPSS
CVE
CVE
added 2014/11/18 1:0 a.m.51 views

CVE-2014-6110

CVE-2014-6110: IBM Security Identity Manager 6.x before 6.0.0.3 IF14 improperly logs out prior users, enabling a local attacker to bypass security and access another user’s SIM session. Affected product: IBM Security Identity Manager 6.x (component: SIM). Root cause: logout handling flaw. Impact:...

2.1CVSS4.2AI score0.00576EPSS
CVE
CVE
added 2017/09/25 4:0 p.m.51 views

CVE-2017-1362

IBM Security Identity Manager Adapters 6.0 and 7.0 store user credentials in plaintext, readable by local users. The IBM bulletin confirms unsecured data traffic when SSL is not explicitly enabled; enabling SSL by default and importing valid certificates is recommended. Affected: ISIM v6.0 Adapte...

7.8CVSS7AI score0.00298EPSS
CVE
CVE
added 2019/01/14 2:0 p.m.51 views

CVE-2018-1969

Product affected: IBM Security Identity Manager (ISIM) 6.0.0 (v6.0.0–6.0.0.20). Vulnerability: ISIM allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. Impact (as stated): Potential exposure or impact from process...

9.9CVSS8.8AI score0.01746EPSS
CVE
CVE
added 2018/06/08 1:0 p.m.50 views

CVE-2017-1405

CVE-2017-1405 affects IBM Security Identity Manager Virtual Appliance 7.0 (and 7.0.1) due to inadequate verification of origin/integrity when processing patches, image backups and other updates. This could allow tampered updates to be accepted, compromising integrity of the appliance. IBM’s bulle...

4.9CVSS5.5AI score0.00461EPSS
CVE
CVE
added 2019/01/14 2:0 p.m.50 views

CVE-2018-1956

IBM Security Identity Manager 6.0.0 is affected by CVE-2018-1956 due to not requiring strong passwords by default, enabling potential account compromise. The bulletin covers ISIM versions 6.0.0–6.0.0.20 and lists remediation via patch 6.0.0-ISS-SIM-FP0021. No exploitation details are provided bey...

7.5CVSS7.7AI score0.02017EPSS
CVE
CVE
added 2019/02/04 9:0 p.m.50 views

CVE-2019-4038

CVE-2019-4038 affects IBM Security Identity Manager (ISIM). Affects ISIM 6.0.0–6.0.0.20 and 7.0.0–7.0.1.10. Root cause enables attacker to create unexpected control flow paths, potentially bypassing security checks and enabling a limited form of code injection. IBM provides fixes: 6.0.0-ISS-SIM-F...

7.2CVSS6.4AI score0.00439EPSS
CVE
CVE
added 2021/05/20 3:10 p.m.50 views

CVE-2021-29692

CVE-2021-29692 affects IBM Security Identity Manager (ISIM). The IBM Security Identity Manager Vulnerability Details document shows that remote attackers could obtain sensitive information due to HTTP Strict Transport Security not being properly enabled. Affected products/versions include ISIM VA...

5.9CVSS5.6AI score0.01049EPSS
CVE
CVE
added 2014/06/08 6:0 p.m.48 views

CVE-2014-0961

CVE-2014-0961 affects IBM Tivoli Identity Manager (ITIM) 5.0 (before 5.0.0.15), ITIM 5.1 (before 5.1.0.15), and IBM Security Identity Manager (ISIM) 6.0 (before 6.0.0.2). The root issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables remote authenticated users to hijack the auth...

6CVSS6.2AI score0.00527EPSS
CVE
CVE
added 2018/01/12 5:0 p.m.48 views

CVE-2016-0335

IBM Security Identity Manager Virtual Appliance versions 7.0.0.0–7.0.1.0 are affected by CSRF (CVE-2016-0335). The issue allows remote attackers to hijack user authentication for unspecified-impact requests via unknown vectors. Remediation: upgrade to IBM Security Identity Manager (ISIM) Virtual ...

8.8CVSS8.8AI score0.00777EPSS
CVE
CVE
added 2022/05/19 4:5 p.m.48 views

CVE-2020-4970

CVE-2020-4970 affects IBM Security Identity Governance and Intelligence versions 5.2.4–5.2.6 and arises from failing to properly enable HTTP Strict Transport Security. An attacker could obtain sensitive information via man-in-the-middle. The IBM advisory lists a fix: upgrade to 5.2.6.0-ISS-SIGI-F...

5.9CVSS5.3AI score0.00672EPSS
CVE
CVE
added 2021/05/20 3:10 p.m.47 views

CVE-2021-29686

CVE-2021-29686 affects IBM Security Identity Manager Virtual Appliance (ISIM VA) 7.0.2 (and 7.0.1). The issue allows an authenticated user to bypass security and perform actions they should not have access to. IBM’s remediation indicates fixes are available in 7.0.2 with FP0003 and 7.0.1 with FP0...

8.8CVSS8.5AI score0.00787EPSS
CVE
CVE
added 2014/11/18 1:0 a.m.46 views

CVE-2014-6098

IBM Security Identity Manager 6.x prior to 6.0.0.3 IF14 is affected by CVE-2014-6098, where a crafted request to the web server can cause disclosure of cleartext passwords. Affected product and version: SIM 6.x before 6.0.0.3 IF14. Impact described: partial confidentiality loss via remote access ...

5CVSS4.1AI score0.02687EPSS
CVE
CVE
added 2014/11/18 1:0 a.m.46 views

CVE-2014-6105

IBM Security Identity Manager (SIM) 6.x prior to 6.0.0.3 IF14 is affected by a clickjacking vulnerability. A remote attacker could hijack the victim’s clicking actions by persuading them to visit a malicious page; no authentication is required. Impact is limited to the client-side click actions, ...

4.3CVSS6.6AI score0.02364EPSS
CVE
CVE
added 2018/01/12 5:0 p.m.46 views

CVE-2016-0336

IBM Security Identity Manager Virtual Appliance (ISIM VA) versions 7.0.0.0–7.0.1.0 are affected by CVE-2016-0336, a cross-site scripting (XSS) vulnerability. The issue arises from improper validation of user-supplied input, enabling remote authenticated users to inject arbitrary web script or HTM...

5.4CVSS4.9AI score0.00644EPSS
CVE
CVE
added 2018/06/08 1:0 p.m.46 views

CVE-2018-1453

CVE-2018-1453 affects IBM Security Identity Manager Virtual Appliance (ISIM VA) 7.0 (and up to 7.0.1.6 per IBM bulletin) where an authenticated attacker can upload or transfer files of dangerous types that can be automatically processed in the environment. Root cause is improper handling of file ...

8.8CVSS7.9AI score0.02077EPSS
CVE
CVE
added 2014/11/18 1:0 a.m.45 views

CVE-2014-6096

IBM Security Identity Manager 6.x is vulnerable to cross-site scripting (XSS) via crafted URLs, due to improper input validation. Affected: SIM 6.0 family up to 6.0.0.3 (IF14). Impact per publicly cited sources indicates potential for script execution in a victim’s browser within the site’s conte...

4.3CVSS3.9AI score0.02325EPSS
CVE
CVE
added 2017/09/18 3:0 p.m.45 views

CVE-2014-6106

CVE-2014-6106 affects IBM Security Identity Manager 5.1, 6.0, and 7.0. The exposure is a CSRF flaw that, via improper validation of requests, could allow a remote attacker to hijack an authenticated user’s session and trigger cross-site scripting, web cache poisoning, or other impacts described i...

8.8CVSS8.5AI score0.00919EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.45 views

CVE-2019-4451

IBM Security Identity Manager (ISIM) 6.0.0 is affected by CVE-2019-4451, a cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure within a trusted session. The IBM Security bulletin confirms the vulnerability and lists the affected product/version. Remediation ...

5.4CVSS5.1AI score0.00561EPSS
CVE
CVE
added 2018/04/20 8:0 p.m.44 views

CVE-2014-6108

CVE-2014-6108 affects IBM Security Identity Manager and IBM Tivoli Identity Manager. The issue is an unencrypted interface connection that can allow a man‑in‑the‑middle attacker to obtain sensitive information. Affected versions include Tivoli Identity Manager 5.1.x (before 5.1.0.15-ISS-TIM-IF005...

5.9CVSS6AI score0.01258EPSS
CVE
CVE
added 2017/02/01 10:0 p.m.44 views

CVE-2016-9739

CVE-2016-9739 concerns IBM Security Identity Manager Virtual Appliance where a local user can read stored credentials because they are kept in plaintext. The available connected IBM security bulletin details the affected product family (IGI/IGI-Virtual Appliance) and confirms the underlying issue...

7.8CVSS7.7AI score0.00365EPSS
CVE
CVE
added 2014/11/18 1:0 a.m.43 views

CVE-2014-6107

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 is vulnerable to leaking sensitive cookies over HTTP due to credential/cookie exposure when sniffed on the network. The issue affects SIM components and can expose partial confidentiality. Mitigation: upgrade to IBM SIM 6.0.0.3 with the accomp...

4.3CVSS3.9AI score0.02364EPSS
CVE
CVE
added 2018/04/20 8:0 p.m.43 views

CVE-2014-6109

The CVE-2014-6109 entry affects IBM Security Identity Manager and IBM Tivoli Identity Manager. The vulnerability allows remote authenticated users to bypass intended access restrictions and obtain sensitive information via server-side LDAP query handling issues in IBM Tivoli Identity Manager 5.1....

5.3CVSS5.3AI score0.01199EPSS
CVE
CVE
added 2018/04/20 8:0 p.m.43 views

CVE-2014-6112

IBM Security Identity Manager and IBM Tivoli Identity Manager are affected by CVE-2014-6112 due to use of weak SSL ciphers, enabling potential information disclosure over network connections. The IBM Security Identity Manager family (versions 6.0.x prior to 6.0.0.4-ISS-SIM-IF0001 and 7.0.x prior ...

5.9CVSS6.1AI score0.01874EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.43 views

CVE-2019-4675

CVE-2019-4675 affects IBM Security Identity Manager 7.0.1, where the component contains hard-coded credentials used for its own inbound authentication, outbound communication to external components, or encryption of internal data. The root cause is the presence of embedded credentials in ISIM ver...

9.8CVSS9AI score0.0128EPSS
CVE
CVE
added 2019/01/24 5:0 p.m.42 views

CVE-2018-1959

IBM Security Identity Manager Virtual Appliance 7.0.1 is affected by CVE-2018-1959 due to hard-coded credentials used for inbound authentication/outbound communication or data encryption. Affected versions: 7.0.1 – 7.0.1.10. Impact per IBM: Confidentiality impact high; other impacts not reported....

7.8CVSS7.2AI score0.00249EPSS
CVE
CVE
added 2019/02/04 9:0 p.m.42 views

CVE-2018-1962

CVE-2018-1962 affects IBM Security Identity Manager Virtual Appliance versions 7.0.1–7.0.1.10. Root cause: failure to invalidate session tokens on logout, enabling local attackers to log into a closed browser session. Reported impact is limited to local access scenarios with session termination b...

4CVSS3.6AI score0.00362EPSS
CVE
CVE
added 2019/01/14 2:0 p.m.42 views

CVE-2018-1967

IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting via the Web UI, allowing arbitrary JavaScript execution and potential credential disclosure within a trusted session. Affected versions range 6.0.0 to 6.0.0.20. Remediation: apply fix 6.0.0-ISS-SIM-FP0021.

6.1CVSS6AI score0.01325EPSS
CVE
CVE
added 2021/06/16 4:15 p.m.42 views

CVE-2021-20483

IBM Security Identity Manager 6.0.2 is affected by CVE-2021-20483, a server-side request forgery (SSRF) vulnerability. The issue arises in the IBM Security Identity Manager Password Synchronization plug-in for Windows AD, enabling an authenticated remote attacker to obtain sensitive data. IBM’s a...

6.5CVSS6.1AI score0.00915EPSS
CVE
CVE
added 2020/02/04 4:45 p.m.41 views

CVE-2019-4674

CVE-2019-4674 affects IBM Security Identity Manager 7.0.1, where a remote attacker could traverse directories by sending a URL with dot-dot (../) sequences to view arbitrary files. The vulnerability is a directory traversal in ISIM, enabling partial confidentiality impact. IBM’s related advisory ...

6.8CVSS5.9AI score0.01934EPSS
CVE
CVE
added 2021/06/16 4:15 p.m.41 views

CVE-2021-20488

CVE-2021-20488 affects IBM Security Identity Manager 6.0.2 with the Windows Password Synchronization Plug‑in. A remote authenticated attacker could change passwords for other users in a Windows AD environment, due to improper handling in the ISIM Password Sync Plug‑in flow. The issue is confirmed...

7.5CVSS6.1AI score0.00913EPSS
CVE
CVE
added 2014/11/18 1:0 a.m.40 views

CVE-2014-6095

CVE-2014-6095 affects IBM Security Identity Manager 6.x prior to 6.0.0.3 IF14. It is a directory traversal vulnerability that could allow a remote attacker to read arbitrary files via unspecified vectors. The NVD lists a base score of 5.0 (Medium) with network access, low attack complexity, and p...

5CVSS4.2AI score0.0354EPSS
CVE
CVE
added 2019/01/18 5:0 p.m.38 views

CVE-2018-2019

IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to XML External Entity (XXE) processing when handling XML data. The root cause is improper XML parsing, allowing a remote attacker to access sensitive information or exhaust memory resources. Affected product: IBM Security Identi...

7.1CVSS7.2AI score0.02404EPSS
CVE
CVE
added 2018/04/20 8:0 p.m.37 views

CVE-2014-6111

CVE-2014-6111 affects IBM Security Identity Manager and Tivoli Identity Manager. The root cause is storing encrypted user credentials and the keystore password in cleartext in configuration files, enabling a local attacker to decrypt SIM credentials via unspecified vectors. Affected versions incl...

7.8CVSS7.3AI score0.00351EPSS