Ibm Security_identity_governance_and_intelligence
39 CVEs affecting Ibm Security_identity_governance_and_intelligence. Latest disclosed: 2022-05-17. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-4958 | Critical | 9.8 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consume… |
CVE-2017-1407 | High | 8.8 | 2017-09-28 | IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending… |
CVE-2017-1483 | High | 8.6 | 2017-09-28 | IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users a… |
CVE-2020-4795 | High | 8.2 | 2021-02-09 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IB… |
CVE-2020-4245 | High | 7.5 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attacker… |
CVE-2020-4232 | High | 7.5 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to a… |
CVE-2018-1756 | High | 7.5 | 2018-09-07 | IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statemen… |
CVE-2020-4246 | High | 7.1 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attac… |
CVE-2020-4790 | Medium | 6.5 | 2021-02-09 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering… |
CVE-2020-4968 | Medium | 6.5 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensi… |
CVE-2020-4249 | Medium | 6.5 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect… |
CVE-2020-4231 | Medium | 6.5 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. I… |
CVE-2017-1755 | Medium | 6.5 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be execu… |
CVE-2018-1947 | Medium | 6.1 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users… |
CVE-2018-1945 | Medium | 6.1 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the vict… |
CVE-2020-4969 | Medium | 5.9 | 2021-01-21 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable… |
CVE-2018-1946 | Medium | 5.9 | 2019-02-21 | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to… |
CVE-2017-1411 | Medium | 5.9 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easi… |
CVE-2017-1366 | Medium | 5.9 | 2018-08-06 | IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decry… |
CVE-2017-1395 | Medium | 5.9 | 2018-07-13 | IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused b… |