9 matches found
CVE-2016-0340
CVE-2016-0340 affects IBM Security Identity Manager (ISIM) Virtual Appliance versions 7.0.0.0–7.0.1.1 prior to FP0003. Root cause: mishandled session expiration allows a remote attacker to hijack a session by leveraging an unattended workstation. Impact: remote session hijacking with attacker-con...
CVE-2016-0339
The issue CVE-2016-0339 affects IBM Security Identity Manager (ISIM) Virtual Appliance versions 7.0.0.0–7.0.1.1, where logout handling mishandles session identifiers, enabling a remote attacker to spoof a user by leveraging knowledge of traffic records. Root cause: improper session identifier man...
CVE-2021-20573
The CVE-2021-20573 entry applies to IBM Security Identity Manager Adapters 6.0 and 7.0, which are vulnerable to a heap-based buffer overflow caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and crash the server. The linked IBM bulletin confirms affecte...
CVE-2016-0330
CVE-2016-0330 affects IBM Security Identity Manager Virtual Appliance. The issue is a weak password algorithm used during password creation in ISIM VA versions 7.0.0.0–7.0.1.1 prior to FP0003, which could allow remote attackers to gain access by exploiting the password mechanism. The published re...
CVE-2021-20494
CVE-2021-20494 affects IBM Security Identity Manager Adapters 6.0 and 7.0. It is a heap-based buffer overflow caused by improper bounds checking, allowing an authenticated user to overflow a buffer and crash the service. CVSS (3.1) base score 6.5 (Network, Low/Low/High impact on availability). Re...
CVE-2021-20574
CVE-2021-20574 affects IBM Security Identity Manager Adapters (versions 6.0 and 7.0). A remote authenticated attacker can exploit an LDAP injection via a specially crafted request, possibly taking over other accounts. The related IBM security bulletin notes remediation via updated plug-ins, inclu...
CVE-2021-20572
IBM Security Identity Manager Adapters (versions 6.0 and 7.0) are vulnerable to a stack-based buffer overflow caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and crash the server. Connected IBM bulletin details also reference LDAP/injection possibilit...
CVE-2016-0357
CVE-2016-0357 affects IBM Security Identity Manager Virtual Appliance 7.0.0.0–7.0.1.1 (before FP0003). A remote attacker can hijack the user’s clicking action via a crafted website (clickjacking). The advisory lists remediation by upgrading to IBM Security Identity Manager (ISIM) Virtual Applianc...
CVE-2016-0338
CVE-2016-0338 affects IBM Security Identity Manager Virtual Appliance 7.0.0.0–7.0.1.1 (before 7.0.1-ISS-SIM-FP0003). The issue allows local attackers to disclose cleartext passwords by reading a configuration file or by examining running processes. This disclosure constitutes information exposure...