Security Identity Manager Security Vulnerabilities and Issues — Security Identity Manager CVE List

Lucene search

IbmSecurity Identity Manager

8 matches found

CVE•added 2018/06/08 1:29 p.m.•41 views

CVE-2017-1405

IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.

4.9CVSS5.5AI score0.0006EPSS

CVE•added 2018/01/12 5:29 p.m.•37 views

CVE-2016-0335

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: ...

8.8CVSS8.8AI score0.00106EPSS

CVE•added 2018/06/08 1:29 p.m.•37 views

CVE-2018-1453

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.

8.8CVSS7.9AI score0.00396EPSS

CVE•added 2018/04/20 8:29 p.m.•34 views

CVE-2014-6108

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. ...

5.9CVSS6AI score0.00204EPSS

CVE•added 2018/04/20 8:29 p.m.•32 views

CVE-2014-6109

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to ...

5.3CVSS5.3AI score0.00123EPSS

CVE•added 2018/04/20 8:29 p.m.•32 views

CVE-2014-6112

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: ...

5.9CVSS6.1AI score0.00253EPSS

CVE•added 2018/01/12 5:29 p.m.•29 views

CVE-2016-0336

Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737.

5.4CVSS4.9AI score0.00129EPSS

CVE•added 2018/04/20 8:29 p.m.•27 views

CVE-2014-6111

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decr...

7.8CVSS7.3AI score0.00042EPSS