IBM Security Identity Manager Virtual Appliance
12 CVEs affecting IBM Security Identity Manager Virtual Appliance. Latest disclosed: 2020-07-01. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-0332 | Critical | 9.8 | 2018-01-12 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, whic… |
| CVE-2016-0324 | High | 8.8 | 2018-01-12 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitra… |
| CVE-2019-4676 | High | 7.8 | 2020-07-01 | IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171512. |
| CVE-2016-0327 | High | 7.8 | 2018-01-12 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges… |
| CVE-2016-9704 | Medium | 6.1 | 2017-02-01 | IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th… |
| CVE-2018-1968 | Medium | 5.3 | 2019-07-11 | IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system… |
| CVE-2019-4704 | Medium | 4.3 | 2020-07-01 | IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to ge… |
| CVE-2016-0367 | Medium | 4.3 | 2018-02-21 | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by readin… |
| CVE-2016-0351 | Low | 3.7 | 2018-02-21 | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, wh… |
| CVE-2019-4706 | Low | 2.7 | 2020-07-01 | IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attac… |
| CVE-2019-4705 | Low | 2.7 | 2020-07-01 | IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attac… |
| CVE-2016-9703 | Low | 2.4 | 2017-02-01 | IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work stat… |