Ibm Security Identity Governance And Intelligence
38 CVEs affecting Ibm Security Identity Governance And Intelligence. Latest disclosed: 2022-05-19. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-4958 | Critical | 9.8 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consume… |
CVE-2020-4795 | High | 8.2 | 2021-02-09 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IB… |
CVE-2020-4245 | High | 7.5 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attacker… |
CVE-2020-4232 | High | 7.5 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to a… |
CVE-2018-1756 | High | 7.5 | 2018-09-07 | IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statemen… |
CVE-2020-4246 | High | 7.1 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attac… |
CVE-2020-4790 | Medium | 6.5 | 2021-02-09 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering… |
CVE-2020-4968 | Medium | 6.5 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensi… |
CVE-2020-4249 | Medium | 6.5 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect… |
CVE-2020-4231 | Medium | 6.5 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. I… |
CVE-2017-1755 | Medium | 6.5 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be execu… |
CVE-2018-1947 | Medium | 6.1 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users… |
CVE-2018-1945 | Medium | 6.1 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the vict… |
CVE-2020-4970 | Medium | 5.9 | 2022-05-19 | IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure… |
CVE-2020-4969 | Medium | 5.9 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable… |
CVE-2018-1946 | Medium | 5.9 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to… |
CVE-2017-1411 | Medium | 5.9 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easi… |
CVE-2017-1366 | Medium | 5.9 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decry… |
CVE-2017-1395 | Medium | 5.9 | 2018-07-13 | IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused b… |
CVE-2020-4996 | Medium | 5.5 | 2021-02-09 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentica… |