12 matches found
CVE-2018-1968
CVE-2018-1968 affects IBM Security Identity Manager (ISIM) 7.0.1, where an information-disclosure flaw allows unauthorized users to access sensitive data, potentially enabling further attacks. The description and connected sources confirm the vulnerable component is ISIM (VM/Vendor: IBM) with imp...
CVE-2016-0351
CVE-2016-0351 affects IBM Security Identity Manager Virtual Appliance 7.0.x prior to 7.0.1.3-ISS-SIM-IF0001, where the session cookie in HTTPS does not set the secure flag, enabling cookie capture over HTTP. The IBM bulletin confirms multiple vulnerabilities and provides fixes for ISIM Virtual Ap...
CVE-2019-4676
The CVE-2019-4676 entry affects IBM Security Identity Manager Virtual Appliance 7.0.2, where user credentials are stored in plaintext and can be read by a local user. This is the underlying root cause and directly leads to exposure of credentials on affected installations. The IBM Security Identi...
CVE-2019-4705
CVE-2019-4705 affects IBM Security Identity Manager Virtual Appliance. The IBM Security bulletin lists this CVE as part of vulnerabilities affecting the 7.0.2 (and 7.0.1) releases, noting that it can disclose sensitive information to unauthorized users and potentially enable further attacks. Reme...
CVE-2019-4706
CVE-2019-4706 affects IBM Security Identity Manager Virtual Appliance versions 7.0.2 and 7.0.1. The vulnerability is that ISIM VA writes information to log files that can be of a sensitive nature, potentially exposing sensitive user information or guiding an attacker. IBM’s bulletin confirms the ...
CVE-2016-0324
IBM Security Identity Manager (ISIM) Virtual Appliance versions 7.0.0.0–7.0.1.0 before 7.0.1-ISS-SIM-FP0001 are affected by CVE-2016-0324, a vulnerability that allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. The issue is documente...
CVE-2016-9703
CVE-2016-9703 affects IBM Security Identity Manager Virtual Appliance. The root issue is that session tokens are not invalidated, which could allow a local attacker with physical access to obtain sensitive workstation information. Documented impact: partial confidentiality exposure without exploi...
CVE-2016-9704
CVE-2016-9704 affects IBM Security Identity Manager Virtual Appliance. It is a cross-site scripting vulnerability in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Exploitation status is not provided in the supplied d...
CVE-2016-0332
CVE-2016-0332 affects IBM Security Identity Manager Virtual Appliance versions 7.0.0.0–7.0.1.0 (prior to 7.0.1-ISS-SIM-FP0001). The vulnerability arises from an inadequate account lockout, allowing remote attackers to brute‑force credentials. IBM/JIRA advisories in the connected documents confirm...
CVE-2019-4704
CVE-2019-4704 affects IBM Security Identity Manager Virtual Appliance versions 7.0.2 (also 7.0.1 per remediation) where authorization tokens and session cookies are missing the secure attribute. The root issue is cookie handling that allows cookies to be transmitted over insecure links (http), en...
CVE-2016-0327
CVE-2016-0327 affects IBM Security Identity Manager Virtual Appliance versions 7.0.0.0–7.0.1.0, allowing a local user to gain administrator privileges via unspecified vectors. A fix is available: install IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.1-ISS-SIM-FP0001 (applies to 7.0.0...
CVE-2016-0367
Summary of CVE-2016-0367 (IBM ISIM Virtual Appliance): Affected IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 exposes sensitive information via an error message that can be read by an authenticated remote user, enabling information disclosure. Affected produc...