Security Identity Manager@6.0.0 Security Vulnerabilities and Issues — Security Identity Manager@6.0.0 CVE List

Lucene search

IbmSecurity Identity Manager6.0.0

5 matches found

CVE•added 2019/11/20 5:15 p.m.•60 views

CVE-2019-4561

IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the sys...

9.3CVSS8.7AI score0.01584EPSS

CVE•added 2019/01/14 2:29 p.m.•42 views

CVE-2018-1969

IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.

9.9CVSS8.8AI score0.00383EPSS

CVE•added 2019/01/14 2:29 p.m.•40 views

CVE-2018-1956

IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.

7.5CVSS7.7AI score0.00256EPSS

CVE•added 2019/01/14 2:29 p.m.•32 views

CVE-2018-1967

IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.

6.1CVSS6AI score0.00239EPSS

CVE•added 2019/01/18 5:0 p.m.•29 views

CVE-2018-2019

IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.

7.1CVSS7.2AI score0.00546EPSS