Lucene search
K
IbmSecurity Identity Manager Virtual Appliance

12 matches found

CVE
CVE
added 2019/07/11 7:55 p.m.117 views

CVE-2018-1968

CVE-2018-1968 affects IBM Security Identity Manager (ISIM) 7.0.1, where an information-disclosure flaw allows unauthorized users to access sensitive data, potentially enabling further attacks. The description and connected sources confirm the vulnerable component is ISIM (VM/Vendor: IBM) with imp...

5.3CVSS5.4AI score0.01301EPSS
CVE
CVE
added 2018/02/21 4:0 p.m.52 views

CVE-2016-0351

CVE-2016-0351 affects IBM Security Identity Manager Virtual Appliance 7.0.x prior to 7.0.1.3-ISS-SIM-IF0001, where the session cookie in HTTPS does not set the secure flag, enabling cookie capture over HTTP. The IBM bulletin confirms multiple vulnerabilities and provides fixes for ISIM Virtual Ap...

4.3CVSS4.8AI score0.0105EPSS
CVE
CVE
added 2020/07/01 2:25 p.m.45 views

CVE-2019-4676

The CVE-2019-4676 entry affects IBM Security Identity Manager Virtual Appliance 7.0.2, where user credentials are stored in plaintext and can be read by a local user. This is the underlying root cause and directly leads to exposure of credentials on affected installations. The IBM Security Identi...

7.8CVSS7.2AI score0.00574EPSS
CVE
CVE
added 2020/07/01 2:25 p.m.44 views

CVE-2019-4705

CVE-2019-4705 affects IBM Security Identity Manager Virtual Appliance. The IBM Security bulletin lists this CVE as part of vulnerabilities affecting the 7.0.2 (and 7.0.1) releases, noting that it can disclose sensitive information to unauthorized users and potentially enable further attacks. Reme...

4CVSS4.4AI score0.00803EPSS
CVE
CVE
added 2020/07/01 2:25 p.m.44 views

CVE-2019-4706

CVE-2019-4706 affects IBM Security Identity Manager Virtual Appliance versions 7.0.2 and 7.0.1. The vulnerability is that ISIM VA writes information to log files that can be of a sensitive nature, potentially exposing sensitive user information or guiding an attacker. IBM’s bulletin confirms the ...

4CVSS4.5AI score0.00803EPSS
CVE
CVE
added 2018/01/12 5:0 p.m.42 views

CVE-2016-0324

IBM Security Identity Manager (ISIM) Virtual Appliance versions 7.0.0.0–7.0.1.0 before 7.0.1-ISS-SIM-FP0001 are affected by CVE-2016-0324, a vulnerability that allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. The issue is documente...

9CVSS8AI score0.03677EPSS
CVE
CVE
added 2017/02/01 10:0 p.m.42 views

CVE-2016-9703

CVE-2016-9703 affects IBM Security Identity Manager Virtual Appliance. The root issue is that session tokens are not invalidated, which could allow a local attacker with physical access to obtain sensitive workstation information. Documented impact: partial confidentiality exposure without exploi...

2.4CVSS3.4AI score0.00346EPSS
CVE
CVE
added 2017/02/01 10:0 p.m.42 views

CVE-2016-9704

CVE-2016-9704 affects IBM Security Identity Manager Virtual Appliance. It is a cross-site scripting vulnerability in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Exploitation status is not provided in the supplied d...

6.1CVSS5.8AI score0.00961EPSS
CVE
CVE
added 2018/01/12 5:0 p.m.40 views

CVE-2016-0332

CVE-2016-0332 affects IBM Security Identity Manager Virtual Appliance versions 7.0.0.0–7.0.1.0 (prior to 7.0.1-ISS-SIM-FP0001). The vulnerability arises from an inadequate account lockout, allowing remote attackers to brute‑force credentials. IBM/JIRA advisories in the connected documents confirm...

9.8CVSS8.4AI score0.02286EPSS
CVE
CVE
added 2020/07/01 2:25 p.m.40 views

CVE-2019-4704

CVE-2019-4704 affects IBM Security Identity Manager Virtual Appliance versions 7.0.2 (also 7.0.1 per remediation) where authorization tokens and session cookies are missing the secure attribute. The root issue is cookie handling that allows cookies to be transmitted over insecure links (http), en...

4.3CVSS4.7AI score0.0058EPSS
CVE
CVE
added 2018/01/12 5:0 p.m.39 views

CVE-2016-0327

CVE-2016-0327 affects IBM Security Identity Manager Virtual Appliance versions 7.0.0.0–7.0.1.0, allowing a local user to gain administrator privileges via unspecified vectors. A fix is available: install IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.1-ISS-SIM-FP0001 (applies to 7.0.0...

7.8CVSS7.5AI score0.00313EPSS
CVE
CVE
added 2018/02/21 4:0 p.m.35 views

CVE-2016-0367

Summary of CVE-2016-0367 (IBM ISIM Virtual Appliance): Affected IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 exposes sensitive information via an error message that can be read by an authenticated remote user, enabling information disclosure. Affected produc...

4.3CVSS4.5AI score0.00963EPSS