Security Identity Manager Security Vulnerabilities and Issues — Security Identity Manager CVE List

Lucene search

IbmSecurity Identity Manager

5 matches found

CVE•added 2019/01/14 2:29 p.m.•42 views

CVE-2018-1969

IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.

9.9CVSS8.8AI score0.00383EPSS

CVE•added 2019/01/14 2:29 p.m.•40 views

CVE-2018-1956

IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.

7.5CVSS7.7AI score0.00256EPSS

CVE•added 2019/01/14 2:29 p.m.•32 views

CVE-2018-1967

IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.

6.1CVSS6AI score0.00239EPSS

CVE•added 2019/01/24 5:0 p.m.•30 views

CVE-2018-1959

IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633.

7.8CVSS7.2AI score0.00023EPSS

CVE•added 2019/01/18 5:0 p.m.•29 views

CVE-2018-2019

IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.

7.1CVSS7.2AI score0.00546EPSS