Lucene search
K
IbmSecurity Privileged Identity Manager

20 matches found

CVE
CVE
added 2017/09/27 5:0 p.m.68 views

CVE-2017-1483

CVE-2017-1483 affects IBM Security Identity Manager Adapters (v6.0 and v7.0). The root cause is that the adapters do not perform an authentication check for a critical resource or functionality, enabling anonymous users to access protected areas. Affected products include IBM Security Identity Ma...

8.6CVSS8.3AI score0.01485EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.66 views

CVE-2016-5958

CVE-2016-5958 affects IBM Security Privileged Identity Manager. The issue is caused by a failure to set the secure flag on the session cookie in SSL mode, enabling a remote attacker to intercept the cookie over HTTP and obtain sensitive information. The vulnerability is documented in multiple fee...

7.5CVSS7.3AI score0.01688EPSS
CVE
CVE
added 2019/04/02 1:20 p.m.56 views

CVE-2018-1618

CVE-2018-1618 affects IBM Security Privileged Identity Manager Virtual Appliance (2.2.1). A remote attacker can exploit a directory traversal via crafted URLs containing /../ to view arbitrary files, compromising confidentiality (C to H). The CVSS3 base score is 7.5 (high) with network access and...

7.7CVSS7.4AI score0.03395EPSS
CVE
CVE
added 2017/09/27 5:0 p.m.53 views

CVE-2017-1407

CVE-2017-1407 affects IBM Security Identity Manager Virtual Appliance versions 6.0 and 7.0. The vulnerability enables a remote authenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted request. The exploitation condition is an authenticated remote ...

9CVSS8.2AI score0.03418EPSS
CVE
CVE
added 2019/04/02 1:20 p.m.53 views

CVE-2018-1626

CVE-2018-1626 affects IBM Security Privileged Identity Manager Virtual Appliance 2.2.1, arising from a session handling flaw where a session variable is not renewed after authentication, enabling potential session fixation/hijacking via a cookie that could be known to an attacker. The primary pub...

4.3CVSS6AI score0.01164EPSS
CVE
CVE
added 2017/06/07 5:0 p.m.50 views

CVE-2016-5960

CVE-2016-5960 affects IBM Security Privileged Identity Manager (ISPIM) 2.0.2 and 2.1.0. The flaw is that user credentials are stored in plain text, readable by a local attacker (information disclosure; local access required). Remediation is available: ISPIM fixes 2.0.2-ISS-ISPIM-VA-IF0010 and 2.1...

5.5CVSS5.9AI score0.00329EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.49 views

CVE-2016-5966

The CVE-2016-5966 entry affects IBM Security Privileged Identity Manager Virtual Appliance. A vulnerability exists where HTTP Strict Transport Security is not properly enabled, allowing a remote attacker to obtain sensitive information via MITM. Affected products/versions: IBM Security Privileged...

5.9CVSS5.8AI score0.01227EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.49 views

CVE-2016-5990

CVE-2016-5990 affects IBM Security Privileged Identity Manager Virtual Appliance (ISPIM) and is triggered by an authenticated user uploading malicious files that are then executed by the server. Affected versions listed in the IBM advisory include ISPIM 2.0.2 and 2.1. The root cause is not exhaus...

6.5CVSS6.2AI score0.00642EPSS
CVE
CVE
added 2016/11/24 7:41 p.m.48 views

CVE-2016-0353

CVE-2016-0353 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0 prior to 2.0.2 FP8. The root cause is that the session cookie was not marked as Secure in SSL, allowing interception when transmitted over HTTPS/HTTP in a mixed context and potentially enabling cookie theft. The ...

4.3CVSS4.8AI score0.00877EPSS
CVE
CVE
added 2017/06/07 5:0 p.m.48 views

CVE-2016-5959

CVE-2016-5959 affects IBM Security Privileged Identity Manager (ISPIM) versions 2.0.2 and 2.1.0. The root cause is that the product stores sensitive information in URL parameters, creating a risk of information disclosure if URLs are captured in server logs, the referrer header, or browser histor...

5.3CVSS5.7AI score0.01286EPSS
CVE
CVE
added 2019/04/02 1:20 p.m.47 views

CVE-2018-1640

CVE-2018-1640 affects IBM Security Privileged Identity Manager Virtual Appliance. A remote authenticated attacker could execute arbitrary commands via a specially crafted request. Public details in IBM/IBM X-Force references indicate the vulnerability, with remediation information tied to IBM Sec...

9CVSS8.5AI score0.03712EPSS
CVE
CVE
added 2016/11/24 7:41 p.m.45 views

CVE-2016-2996

CVE-2016-2996 concerns IBM Security Privileged Identity Manager 2.0, specifically the Virtual Appliance. An authenticated remote user could modify the system by appending lines to arbitrary files due to an input validation error. The issue is documented in IBM Security Privileged Identity Manager...

6.5CVSS6.5AI score0.00875EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.45 views

CVE-2016-5964

CVE-2016-5964 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0.2, where an inadequate account lockout setting could allow a remote attacker to brute force credentials. The IBM Security bulletin notes CVSS v3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N with base score 7.5 (i...

9.8CVSS9AI score0.01596EPSS
CVE
CVE
added 2018/03/30 4:0 p.m.45 views

CVE-2017-1705

CVE-2017-1705 affects IBM Security Privileged Identity Manager (ISPIM) 2.1.0. The issue is sensitive information left in HTML page comments, not visible in the UI but retrievable via page source. Root cause: sensitive data remnants in comments. Impact: potential exposure of privileged context inf...

4.3CVSS4.2AI score0.01299EPSS
CVE
CVE
added 2019/04/02 1:20 p.m.45 views

CVE-2018-1625

CVE-2018-1625 affects IBM Security Privileged Identity Manager Virtual Appliance. The vulnerability involves an error message that discloses sensitive information about the environment, users, or data, enabling information disclosure. Affected product/version details in the provided docs include ...

4.3CVSS4.9AI score0.01003EPSS
CVE
CVE
added 2019/04/02 1:20 p.m.44 views

CVE-2018-1622

CVE-2018-1622 affects IBM Security Privileged Identity Manager Virtual Appliance, with CSRF allowing an attacker to perform malicious actions on behalf of a trusted user. The initial entry specifies this as a cross-site request forgery vulnerability in version 2.2.1, with a high impact (CVSS v3 b...

8.8CVSS8.4AI score0.00532EPSS
CVE
CVE
added 2019/04/02 1:20 p.m.44 views

CVE-2018-1680

CVE-2018-1680 affects IBM Security Privileged Identity Manager Virtual Appliance (ISPIM VA) 2.2.1, where the default configuration does not require strong passwords by default, enabling easier compromise of user accounts. The issue stems from weak password policy enforcement within the appliance....

7.5CVSS7.4AI score0.01484EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.41 views

CVE-2016-5988

CVE-2016-5988 affects IBM Security Privileged Identity Manager Virtual Appliance. Impact: authenticated users can obtain sensitive information via disclosing content in generated error messages. Affected versions: IBM Security Privileged Identity Manager 2.0.2 and 2.1. Remediation/fix: ISPIM 2.0....

6.5CVSS6.1AI score0.00988EPSS
CVE
CVE
added 2019/04/02 1:20 p.m.41 views

CVE-2018-1623

CVE-2018-1623 affects IBM Security Privileged Identity Manager Virtual Appliance. The vulnerability allows web pages to be stored locally and readable by another user on the same system (impact: local information disclosure). Affected product/version per the dossier: IBM Security Privileged Ident...

4CVSS4.2AI score0.00359EPSS
CVE
CVE
added 2018/02/21 4:0 p.m.36 views

CVE-2016-0366

CVE-2016-0366 affects IBM Security Identity Manager Virtual Appliance; the risk is due to weak encryption that could allow a remote attacker to obtain sensitive information via a MITM scenario. The IBM Security Privileged Identity Manager/ISPIM 2.0 family is affected, with IBM’s bulletin noting t...

4.3CVSS4.7AI score0.00653EPSS