IBM Security Identity Manager Virtual Appliance

12 CVEs affecting IBM Security Identity Manager Virtual Appliance. Latest disclosed: 2020-07-01. Critical: 1, High: 3.

Top CVEs affecting IBM Security Identity Manager Virtual Appliance
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-0332 | Critical | 9.8 | 2018-01-12 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, whic… |
| CVE-2016-0324 | High | 8.8 | 2018-01-12 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitra… |
| CVE-2019-4676 | High | 7.8 | 2020-07-01 | IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171512. |
| CVE-2016-0327 | High | 7.8 | 2018-01-12 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges… |
| CVE-2016-9704 | Medium | 6.1 | 2017-02-01 | IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th… |
| CVE-2018-1968 | Medium | 5.3 | 2019-07-11 | IBM Security Identity Manager 7.0.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system… |
| CVE-2019-4704 | Medium | 4.3 | 2020-07-01 | IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to ge… |
| CVE-2016-0367 | Medium | 4.3 | 2018-02-21 | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by readin… |
| CVE-2016-0351 | Low | 3.7 | 2018-02-21 | IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, wh… |
| CVE-2019-4706 | Low | 2.7 | 2020-07-01 | IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attac… |
| CVE-2019-4705 | Low | 2.7 | 2020-07-01 | IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attac… |
| CVE-2016-9703 | Low | 2.4 | 2017-02-01 | IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work stat… |