Security Identity Manager Security Vulnerabilities and Issues — Security Identity Manager CVE List

Lucene search

IbmSecurity Identity Manager

11 matches found

CVE•added 2021/05/20 3:15 p.m.•47 views

CVE-2021-29691

IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252.

7.5CVSS7.8AI score0.00065EPSS

CVE•added 2019/02/04 9:29 p.m.•42 views

CVE-2019-4038

IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.

7.2CVSS6.4AI score0.0004EPSS

CVE•added 2019/01/14 2:29 p.m.•40 views

CVE-2018-1956

IBM Security Identity Manager 6.0.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 153628.

7.5CVSS7.7AI score0.00256EPSS

CVE•added 2021/05/20 3:15 p.m.•40 views

CVE-2021-29688

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.

7.5CVSS7AI score0.00303EPSS

CVE•added 2017/09/25 4:29 p.m.•37 views

CVE-2017-1362

IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.

7.8CVSS7AI score0.00045EPSS

CVE•added 2017/02/01 10:59 p.m.•36 views

CVE-2016-9739

IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user.

7.8CVSS7.7AI score0.00055EPSS

CVE•added 2019/02/04 9:29 p.m.•36 views

CVE-2018-1970

IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.

7.1CVSS7AI score0.00359EPSS

CVE•added 2021/06/16 5:15 p.m.•32 views

CVE-2021-20488

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.

7.5CVSS6.1AI score0.00192EPSS

CVE•added 2019/01/24 5:0 p.m.•30 views

CVE-2018-1959

IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633.

7.8CVSS7.2AI score0.00023EPSS

CVE•added 2019/01/18 5:0 p.m.•29 views

CVE-2018-2019

IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.

7.1CVSS7.2AI score0.00546EPSS

CVE•added 2018/04/20 8:29 p.m.•27 views

CVE-2014-6111

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decr...

7.8CVSS7.3AI score0.00042EPSS