20 matches found
CVE-2017-1483
CVE-2017-1483 affects IBM Security Identity Manager Adapters (v6.0 and v7.0). The root cause is that the adapters do not perform an authentication check for a critical resource or functionality, enabling anonymous users to access protected areas. Affected products include IBM Security Identity Ma...
CVE-2016-5958
CVE-2016-5958 affects IBM Security Privileged Identity Manager. The issue is caused by a failure to set the secure flag on the session cookie in SSL mode, enabling a remote attacker to intercept the cookie over HTTP and obtain sensitive information. The vulnerability is documented in multiple fee...
CVE-2018-1618
CVE-2018-1618 affects IBM Security Privileged Identity Manager Virtual Appliance (2.2.1). A remote attacker can exploit a directory traversal via crafted URLs containing /../ to view arbitrary files, compromising confidentiality (C to H). The CVSS3 base score is 7.5 (high) with network access and...
CVE-2017-1407
CVE-2017-1407 affects IBM Security Identity Manager Virtual Appliance versions 6.0 and 7.0. The vulnerability enables a remote authenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted request. The exploitation condition is an authenticated remote ...
CVE-2018-1626
CVE-2018-1626 affects IBM Security Privileged Identity Manager Virtual Appliance 2.2.1, arising from a session handling flaw where a session variable is not renewed after authentication, enabling potential session fixation/hijacking via a cookie that could be known to an attacker. The primary pub...
CVE-2016-5960
CVE-2016-5960 affects IBM Security Privileged Identity Manager (ISPIM) 2.0.2 and 2.1.0. The flaw is that user credentials are stored in plain text, readable by a local attacker (information disclosure; local access required). Remediation is available: ISPIM fixes 2.0.2-ISS-ISPIM-VA-IF0010 and 2.1...
CVE-2016-5966
The CVE-2016-5966 entry affects IBM Security Privileged Identity Manager Virtual Appliance. A vulnerability exists where HTTP Strict Transport Security is not properly enabled, allowing a remote attacker to obtain sensitive information via MITM. Affected products/versions: IBM Security Privileged...
CVE-2016-5990
CVE-2016-5990 affects IBM Security Privileged Identity Manager Virtual Appliance (ISPIM) and is triggered by an authenticated user uploading malicious files that are then executed by the server. Affected versions listed in the IBM advisory include ISPIM 2.0.2 and 2.1. The root cause is not exhaus...
CVE-2016-0353
CVE-2016-0353 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0 prior to 2.0.2 FP8. The root cause is that the session cookie was not marked as Secure in SSL, allowing interception when transmitted over HTTPS/HTTP in a mixed context and potentially enabling cookie theft. The ...
CVE-2016-5959
CVE-2016-5959 affects IBM Security Privileged Identity Manager (ISPIM) versions 2.0.2 and 2.1.0. The root cause is that the product stores sensitive information in URL parameters, creating a risk of information disclosure if URLs are captured in server logs, the referrer header, or browser histor...
CVE-2018-1640
CVE-2018-1640 affects IBM Security Privileged Identity Manager Virtual Appliance. A remote authenticated attacker could execute arbitrary commands via a specially crafted request. Public details in IBM/IBM X-Force references indicate the vulnerability, with remediation information tied to IBM Sec...
CVE-2016-2996
CVE-2016-2996 concerns IBM Security Privileged Identity Manager 2.0, specifically the Virtual Appliance. An authenticated remote user could modify the system by appending lines to arbitrary files due to an input validation error. The issue is documented in IBM Security Privileged Identity Manager...
CVE-2016-5964
CVE-2016-5964 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0.2, where an inadequate account lockout setting could allow a remote attacker to brute force credentials. The IBM Security bulletin notes CVSS v3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N with base score 7.5 (i...
CVE-2017-1705
CVE-2017-1705 affects IBM Security Privileged Identity Manager (ISPIM) 2.1.0. The issue is sensitive information left in HTML page comments, not visible in the UI but retrievable via page source. Root cause: sensitive data remnants in comments. Impact: potential exposure of privileged context inf...
CVE-2018-1625
CVE-2018-1625 affects IBM Security Privileged Identity Manager Virtual Appliance. The vulnerability involves an error message that discloses sensitive information about the environment, users, or data, enabling information disclosure. Affected product/version details in the provided docs include ...
CVE-2018-1622
CVE-2018-1622 affects IBM Security Privileged Identity Manager Virtual Appliance, with CSRF allowing an attacker to perform malicious actions on behalf of a trusted user. The initial entry specifies this as a cross-site request forgery vulnerability in version 2.2.1, with a high impact (CVSS v3 b...
CVE-2018-1680
CVE-2018-1680 affects IBM Security Privileged Identity Manager Virtual Appliance (ISPIM VA) 2.2.1, where the default configuration does not require strong passwords by default, enabling easier compromise of user accounts. The issue stems from weak password policy enforcement within the appliance....
CVE-2016-5988
CVE-2016-5988 affects IBM Security Privileged Identity Manager Virtual Appliance. Impact: authenticated users can obtain sensitive information via disclosing content in generated error messages. Affected versions: IBM Security Privileged Identity Manager 2.0.2 and 2.1. Remediation/fix: ISPIM 2.0....
CVE-2018-1623
CVE-2018-1623 affects IBM Security Privileged Identity Manager Virtual Appliance. The vulnerability allows web pages to be stored locally and readable by another user on the same system (impact: local information disclosure). Affected product/version per the dossier: IBM Security Privileged Ident...
CVE-2016-0366
CVE-2016-0366 affects IBM Security Identity Manager Virtual Appliance; the risk is due to weak encryption that could allow a remote attacker to obtain sensitive information via a MITM scenario. The IBM Security Privileged Identity Manager/ISPIM 2.0 family is affected, with IBM’s bulletin noting t...